Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, April 10, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 1 - Getting Started With Digital Forensics
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
    8:30 am
    Cyber Risk with a Smile
    • session level icon
    speaker photo
    Cyber Risk Program Manager, Christiana Care Health System
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Christiana Care Health System (CCHS) is one of the largest health care providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD and NJ. This presentation will provide an overview regarding how CCHS implements a successful cyber risk program.

    8:30 am
    Jumping the Canyon From Technical to Leadership and Landing Successfully
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Making the jump from a technical role to a leadership role, and lessons learned from the other side. Technology is easy, security in principle is not difficult – the challenge is working with other people, understanding the culture and determining who you are and want to be.

    8:30 am
    Social Engineering Your Way to More Security Budget
    • session level icon
    speaker photo
    CISO, CISO4hire
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Information security has always taken attacker technologies and re-purposed them to use as security tools. We can learn from what attackers have been able to do with psychology and use it to further security within our organizations.

    8:30 am
    GDPR Compliance 101
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    This presentation outlines the requirements of the EU General Data Protection Regulation and highlights key compliance challenges.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE:
    • session level icon
    speaker photo
    CISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    11:15 am
    A Security Professional's Experience as a Juror in the Bill Cosby Trial
    • session level icon
    speaker photo
    VP, Security, OnSolve
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Physical security is a critical element of any trial. From their selection through their return home, the personal safety of jurors is a top consideration. The stakes grow even higher in a high-profile case with a sequestered jury whose verdict stays in the spotlight far longer than your average trial.

    This session is a personal account from the foreperson in the trial against Bill Cosby, a trial that was watched around the world and commanded intense media attention. Cheryl Carmel, who also happens to have years of experience in the security industry, will discuss her experience serving on the jury and its effect on her sense of security and privacy. As a Vice President of Security, Cheryl has studied and experienced security as both a provider and receiver. Join her for her unique perspective on both sides of the issue.

    11:15 am
    baramundi: Innovative Endpoint Management
    • session level icon
    A Holistic Approach to Vulnerability Management, Patching, OS-Upgrades, and Software Distribution
    speaker photo
    Executive Sales Manager, baramundi Software USA Inc.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Zero Day Vulnerability, Windows Fall Anniversary Update, Office 365 Migration: Are any of these topics causing you to lose sleep? This seminar will show you how you can automate OS-migrations, software deployment projects, and effective security exploit management all from one easy to use Endpoint Management Suite. This solution assists in making you the expert!

    11:15 am
    RESILIENCE: Not Just for Computers, for YOU
    • session level icon
    Resilience is a critical skill of a successful pro and you can build it for yourself.
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    For many, if not most of us, we either fear failure, or we are figuring out how to recover from it. Karen’s own personal crisis as the CISO of Microsoft is what drives her to share radical resilience strategies for pros so you can roll with the punches and find the best path for you health, wealth and relationships.

    11:15 am
    It is Cloudy Out There!
    • session level icon
    speaker photo
    Cloud Security Architect, The Vanguard Group
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Has your organization already moved to public cloud, or considering? If so, you need to attend this talk to understand how it’s different than the on-prem security. You need to know what assets, users and data you have in the cloud. You also need to pay attention to what controls are missing in the cloud. This presentation will walk though some of the issues and tips of cloud security.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    12:15 pm
    LUNCH KEYNOTE — Securing the Human: Threat Landscape in the Healthcare Industry
    • session level icon
    speaker photo
    CISO , Christiana Care Health System
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    This presentation will provide an overview of the current threat landscape in the industry and:

    • Identify motivators for targeting the industry
    • The role of consumerism and the shift in risk
    • Why information security is not a technology issue but a patient safety issue
    • The challenges in securing the human versus securing the data center

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster proof option for companies to store their data offsite with access to that data from practically anywhere. So, who’s fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Implementing a Successful Privileged Access Management Program - Lessons Learned
    • session level icon
    speaker photo
    IT Program Manager, Aetna
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Exploitation of privileged access is the #1 root cause of most large scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access management program can considerably mitigate the intentional/unintentional misuse of privileged access at all levels in the IT Stack (Host, Database, Network, Applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management Program.

    3:00 pm
    Third-Party Vendor Risk Management, Lessons Learned, and Best Practices
    • session level icon
    speaker photo
    IT Risk Lead, Campbell Soup Company
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Modern business today relies on third parties to reduce overhead and cost. This can include the transfer of critical data which sometimes include “Crown Jewels.” How businesses evaluates these vendors should be built into the procurement process, but also take in to account how the vendor responds to these requests—and not just from you, but from every other company they are hosting, processing, and transferring data for.

    Learn how you can streamline the process and create value for both your company and your vendor(s).

    3:00 pm
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    • session level icon
    speaker photo
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape. The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever evolving and changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance oblgiations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placed more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations.

    3:00 pm
    I.A.M. What I Am: Building a Strong Identity and Access Management Program
    • session level icon
    speaker photo
    Director, Data Protection and Security Governance, Health Partners Plans
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Identity and Access Management has risen from a necessary evil to the “new perimeter” as applications migrate to the cloud. Having the right people aligned to your business processes with sound technology will propel your IAM program from the back office to business enabling function. This presentation will guide you on how to mature your existing identity and access management program, pitfalls to avoid, and tips to get your stakeholders on board.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    3:00 pm
    SecureWorld PLUS Part 2 - Getting Started with Digital Forensics
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
  • Thursday, April 11, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 3 - Getting Started with Digital Forensics
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.

    8:30 am
    Blockchain and Data Protection Laws: Can They Co-Exist?
    • session level icon
    speaker photo
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Blockchain and Data Protection Laws: Can they Co-Exist? With the increasing emphasis on data privacy, and the adoption of data protection regulations, Blockchain faces hurtles in complying with these regulatory obligations while allowing for the continued evolution of the technology. This presentation will discuss the ways in which Blockchain needs to take into account core privacy principles, and discuss the practical implications of various data protection regulations, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regulatory requirements.
    8:30 am
    Insider Threat Report: Out of Sight Should Never Be out of Mind
    • session level icon
    speaker photo
    Senior Manager, Verizon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Within the panoply of cybersecurity incidents, insider threat activities are an exceptional challenge. These threat actors enjoy trust, privilege, and access. Add a detrimental motivation and disaster ensues. This presentation covers the Verizon “Insider Threat Report; ” a compilation of data breach data, scenario, and experience-driven insights into recognizing, mitigating, and investigating insider threat activities.

     

    8:30 am
    Blockchain + IoT = <3
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Blockchain technology is very young and often times overhyped. In this talk we will cut through the hype and explore the use of blockchain technology to secure IoT devices. No previous understanding of blockchain technology is required to attend.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE:
    • session level icon
    speaker photo
    Criminal Investigator, United States Secret Service
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    11:15 am
    Business and the Beast
    • session level icon
    speaker photo
    Director, Cybersecurity Risk Management, Thermo Fisher Scientific
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Technology has created not just new jobs requiring new skills – it has fundamentally changed the way we work on a daily basis. However, for every company pushing the boundaries of technology, there are many more holding on to the traditional views of what a business should be and how it should operate. Cybersecurity teams are not insulated from these changes, and our industry is subject to entrenched and outdated modes of operation as many others. This talk is about the beasts – the myriad of changes and advancements occurring across business that are challenging the fundamental ways businesses have been operating for generations.
    11:15 am
    EU GDPR: Enforcement Landscape, Key Security Risks, and Recommendations
    • session level icon
    speaker photo
    Partner, Park Legal LLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    The GDPR has been in effect since May 25, 2018. Hear from a presenter who sits on a team with the EU and other data protection regulators about the number of complaints and security breach reports that various EU member states have received since the GDPR took effect, as well as enforcement under that regulation. The presenter will also discuss key triggers for enforcement, particularly in relation to IT security, and will provide recommendations to help organizations successfully address the complex GDPR and member state requirements for IT security.
    11:15 am
    Trials and Tribulations of Identity Access Management
    • session level icon
    Lock it down! Making sure access is granted only to those who need it without losing your mind.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Logical security is a key aspect of securing our environments, however it’s also known as the low hanging fruit of issues companies are facing in 2018. This discussion will focus on outlining the various components of a well secured IAM program and where to start and baby steps to lock down your enterprise. We’ll also discuss various industry tools to help automate these processes.

    11:15 am
    Rethinking Network Security With a Software-Defined Perimeter
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Traditional network security is failing us. This session introduces a new, open network security model, the Software-Defined Perimeter. This architecture, published by the Cloud Security Alliance, verifies and secures all user access to network resources, improving security and compliance for both on-premises and cloud environments.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    12:15 pm
    LUNCH KEYNOTE: The 7 Cybersecurity Habits of Digital Disruptors
    • session level icon
    speaker photo
    VP of Security Strategies, IDC
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Cybersecurity in the age of digital transformation is a balancing act – too much security risks heavy overhead and impedance of new initiatives, but too little security risks catastrophic breach. Mature transformers – digital disruptors – have cracked the code for cybersecurity and demonstrate 7 habits that help them protect their digital transformation initiatives.
    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.

    1:15 pm
    Panel: Access Control – The End of the Password?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with some many ways at getting our information, the password is going the way of the dodo.  Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    An Introduction to IoT Penetration Testing
    • session level icon
    speaker photo
    Cybersecurity Manager & Research Lead, Kreischer Miller
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The secure engineering and implementation of these devices is critical as more insecure devices come to market. As technology professionals we need to have an idea how these devices effect our organization. In this talk we will explore the basic principles of IoT PenTesting, what is in an effective toolset, reverse engineering, and analyzing popular IoT protocols with software defined radios.

    3:00 pm
    A Shared Leadership Approach to IT/Security
    • session level icon
    It's time to deputize everyone as IT/Security agents!
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    IT/Security is a company-wide responsibility, with company-wide exposure. Our IT/Security teams CAN’T do this alone. I provide tools, templates, visuals, on-boarding procedures, and new job descriptions—all easily implemented to provide a Shared Leadership Approach to IT/Security. We don’t have to pay outside vendors to secure our data when we can do it ourselves, internally! I will be providing a fast-moving, 30-slide presentation with handouts to take back to your company to begin the transformation right now.

    3:00 pm
    The Weaponization of AI
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Although AI is being hailed as the new silver bullet for cyber defense, it is also the source of many fears as to its weaponization and use in the hands of cyber criminals and other malicious attackers. Risks include the creation and use of highly intelligent malware. Risks also include both the increasing autonomous nature of vehicles and others devices. This session will explore these risks and their potential impact on our society and world.
Exhibitors
  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • baramundi software USA, Inc.
    Booth: TBD

    baramundi software USA, Inc. provides companies and organizations with efficient, secure, and cross-platform management of workstation environments. Around the world, over 2,000 customers of all sizes and from every sector benefit from the independent German manufacturer’s many years of experience and outstanding products. These are compiled into an integrated, future-orientated unified endpoint management approach in the baramundi Management Suite: endpoint management, mobile device management, and endpoint security are provided via a shared interface, using a single database, and according to global standards.

  • Big Switch Networks
    Booth: TBD

    Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM , container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.

  • Carbon Black
    Booth: TBD

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

     

  • Cequence
    Booth: TBD

    Cequence Security delivers automated software solutions to protect the web, mobile, and API application services that hyper-connected organizations rely on to support business processes and customer engagements. Recognized as a 2018 Gartner Cool Vendor, we strengthen the security posture of our customers and improve the productivity and efficiency of their IT staff.

  • Cobalt.io
    Booth: TBD

    At Cobalt, we use a combination of data, technology and talent to meet the security challenges of the modern web or mobile application, and ensure we provide the smartest, most efficient services possible. From Cobalt Central, our powerful vulnerability dashboard, to Cobalt Insights, which gives you an intelligent overview of your application security program, we are driven by great technology.

  • Comodo Cybersecurity
    Booth: TBD

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CRANIUM
    Booth: TBD

    CRANIUM is specialized in privacy and security solutions and services. CRANIUM builds bridges between IT, legal and business and provides profound end-to-end solutions on both tactical and operational levels. CRANIUM supports and familiarizes your organization with the compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other national and international data protection regulations. We also offer protection against cyber-attacks and possible data breaches. CRANIUM also acts as a Legal (GDPR) representative for non-EU based companies (Art. 27 of the GDPR) and we have an in-house training academy, CRANIUM Campus, accredited by IAPP.

  • Darktrace
    Booth: TBD

    Darktrace is the world’s leading AI company for cyber defense. With over 7,000 deployments worldwide, the Enterprise Immune System is relied on to detect and fight back against cyber-attacks in real time. The self-learning AI takes one hour to install, works across the cloud, SaaS, corporate networks, IoT and industrial systems, and protects against the full range of cyber-threats and vulnerabilities, from insider threats and ransomware, to stealthy and silent attackers. Darktrace has 800 employees and 40 offices worldwide, with headquarters in San Francisco, and Cambridge, UK.

  • Delta Risk
    Booth: TBD

    Delta Risk was founded in 2007 from a vision of strategic and operational effectiveness to assist private sector and government organizations in understanding their current cyber security posture and building advanced cyber defense and risk management capabilities. We are a global provider of strategic, operational, and advisory solutions, including managed security services and security consulting services. Delta Risk is a Chertoff Group company.

  • DeSales University Cyber Security Program
    Booth: TBD

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Electronic Crimes Task Force
    Booth:

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: TBD

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Delaware Valley Chapter
    Booth:

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • InfoSec-Conferences.com
    Booth: n/a

    We’re the InfoSec Community’s #1 ‘Go To’ resource for Cybersecurity Conferences. Since 2012 we’ve provided Cybersecurity Professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard Philadelphia
    Booth:

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • ISACA Philadelphia
    Booth:

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in the Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides, training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • (ISC)2
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • ISSA Delaware Valley
    Booth:

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • Ixia, a Keysight Business
    Booth: TBD

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: TBD

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Lastline
    Booth: TBD

    Lastline provides breach protection products that are innovating the way companies defend against advanced malware with fewer resources and at lower cost. We deliver the visibility, context, analysis, and integrations enterprise security teams need to quickly and completely eradicate malware-based threats before damaging and costly data breaches occur. Headquartered in Redwood City, California with offices throughout North America, Europe and Asia, Lastline’s technology is used by Global 5000 enterprises, is offered directly and through resellers and security service providers, and is integrated into leading third-party security technologies worldwide. www.lastline.com

  • Optiv
    Booth: TBD

    Optiv is the largest holistic pure-play cyber security solutions provider in North America. Our diverse and talented employees are committed to helping businesses, governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to security program strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identity and access management, and managed security.

    Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

  • OWASP
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Rapid7
    Booth: TBD

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • SecureAuth
    Booth: TBD

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee,
    customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • Sonatype
    Booth: TBD

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: TBD

    Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, large government agencies and mid-sized organizations across the private and public sectors. Learn more at tenable.com.

  • Trend Micro
    Booth: TBD

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we’re recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Joe Walsh
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for eleven years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor’s degree in Information Systems, a master’s degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D.

  • speaker photo
    Vince Fitzpatrick
    Cyber Risk Program Manager, Christiana Care Health System

    Vince Fitzpatrick has experience greater than some and less than others. Currently he is the Cyber Risk Program Manager at Christiana Care Health System (CCHS), one of the largest health care providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD, and NJ.

  • speaker photo
    Bryan Bechard
    CISO, CISO4hire

    Bryan has been working in infosec for 20 years as an individual contributor and management of security professionals. Currently he is the CISO of an auto finance company and Board member of ISC2 Philly chapter. Current certs: CISSP, CSSLP, CRISC.

  • speaker photo
    Dawn-Marie Hutchinson
    CISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)

    Dawn-Marie Hutchinson brings more than 15 years of enterprise information technology experience to her role as CISO of GSK. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.

    While serving on the HITRUST working group for Data De-Identification, Hutchinson established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations.

    Prior to joining GSK, Hutchinson was the CSO at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in IT also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross, Protiviti, and Optiv.

    Hutchinson currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award and hold accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA) and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master’s of Business Administration graduate of the Saint Joseph’s University Haub School of Business.

  • speaker photo
    Cheryl Carmel
    VP, Security, OnSolve

    In her role as vice president of security, Ms. Carmel is responsible for developing, maintaining and continual improvement for the GRC, security and privacy programs at OnSolve. Ms. Carmel is a member of ISC2, where she holds her CISSP and participates in the Safe and Secure Online cyber-security youth education program; International Association of Privacy Professionals, where she holds her CIPT (CIPP/IT) as well as members of ISSA, OWASP and InfraGard

  • speaker photo
    Robert Troup
    Executive Sales Manager, baramundi Software USA Inc.

    Bob Troup is Executive Sales Manager for baramundi Software USA Inc., Headquartered in Framingham, MA,. Bob is a 30-year industry veteran in corporate networking and endpoint management sales and consulting with companies including, Ivanti, VMWare, Auria Corp., and Xyplex. He specializes in solutions and deployment consulting for complex networks and cloud-based software environments.

  • speaker photo
    Vana Khurana
    Cloud Security Architect, The Vanguard Group

    Vana Khurana, Cloud Security Architect, The Vanguard Group, CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC. Director of Training and Board Member of Cloud Security Alliance Delaware Valley Chapter. Also, an Adjunct Faculty at Temple University, Philadelphia.

  • speaker photo
    Anahi Santiago
    CISO , Christiana Care Health System

    Anahi Santiago is the Chief Information Security Officer at Christiana Care Health System, the largest healthcare provider in the state of Delaware. Prior CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO she has overall responsibility for the organization's cybersecurity and assurance program. Santiago leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness and fostering a culture of security and safety.

  • speaker photo
    Tariq Shaikh
    IT Program Manager, Aetna

    Tariq Shaikh leads the Privileged Access Management practice for Aetna as part of their Global Security team. Tariq has more than 20 years of technology experience and is a certified project manager and information systems security professional. Tariq is an SME in the Privileged Access Management space and has spoken extensively about it at industry conferences. He also leads a security academy for Aetna that aims to educate participants about cyber security and protect and advance the profession.

  • speaker photo
    Bernie McGuinness
    IT Risk Lead, Campbell Soup Company

    Bernie is a cybersSecurity professional with over 20 years’ experience, both hands on and regulatory compliance of multiple complex systems within the Department of Defense and the commercial space. He provides in-depth knowledge on Third-Party Risk Management, Information Security, Assurance, Audit, and IT Operations, within industry. Holder of a CISSP, CRISC, and CTPRP.

  • speaker photo
    Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a Women-Owned boutique law firm. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the General Data Protection Regulation (GDPR). Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • speaker photo
    Jim Menkevich
    Director, Data Protection and Security Governance, Health Partners Plans

    Jim Menkevich is an Information Security, Privacy, and Risk Management professional with 19+ years of experience. Through his career, he has led teams in Cybersecurity, Enterprise Architecture, Systems Integration, and Application Development. Jim specializes in applying methodologies, frameworks, and ideas outside of the intended domain, which generates new and fresh angles to address industry challenges. When he’s not working, Jim enjoys writing poetry, running, and spending time with his family. Jim is currently the Director of Data Protection and Security Governance at Health Partners Plans in Philadelphia.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Joe Walsh
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for eleven years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor’s degree in Information Systems, a master’s degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Joe Walsh
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for eleven years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor’s degree in Information Systems, a master’s degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D.

  • speaker photo
    Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a Women-Owned boutique law firm. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the General Data Protection Regulation (GDPR). Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • speaker photo
    John Grim
    Senior Manager, Verizon

    John, the primary author of the Verizon Insider Threat Report, has over 16 years of experience investigating data breaches and cybersecurity incidents within the government and civilian security sectors. John manages a highly technical investigative response team who investigates data breaches and advises on containment / eradication / remediation measures for customers worldwide.

  • speaker photo
    Hazel Cerra
    Criminal Investigator, United States Secret Service
  • speaker photo
    Bryan Inagaki
    Director, Cybersecurity Risk Management, Thermo Fisher Scientific

    Bryan's path to information security was anything but direct, and he took a few detours in the worlds of small business, federal law enforcement and financial services before finding himself fully entrenched in the industry. As a physical security professional first and an information security professional second, Bryan enjoys the challenge of mixing the real with the intangible and taking lessons learned from time spent in critical threat areas to make his teams more effective and efficient.

  • speaker photo
    Joan Antokol
    Partner, Park Legal LLC

    Joan is a partner at Park Legal LLC, a law firm with offices in New Jersey and Indianapolis. Since 2002 and continuing, she has been one of the only outside counsel invited to be a member of a regulator team chaired by the Berlin Data Protection Commissioner, which includes members of the Supervisory Authorities from each EU member state, as well as a growing number of other countries around the world. Joan is a frequent speaker at data privacy conferences in the US and EU, and has published a number of articles. She counsels multinationals and other clients on a wide variety of data privacy and security topics, and handles many security breaches.

  • speaker photo
    Pete Lindstrom
    VP of Security Strategies, IDC

    Pete Lindstrom is VP of Security Strategies for IDC, where he conducts research on digital trust, risk measurement and cybersecurity economics in the age of digital transformation. Pete has spent over 25 years as a security professional and is known for his practical approaches to addressing security challenges. He is a U.S. Marine veteran and graduate of the University of Notre Dame.

  • speaker photo
    Charles Sgrillo
    Cybersecurity Manager & Research Lead, Kreischer Miller

    Charles is the cybersecurity manager & practice lead at Kreischer Miller. With 10+ years’ experience in IT, Charles has held positions in the field such as Principal Consultant, Security Systems Specialist, and Red Team Penetration Tester. Charles is a Certified Ethical Hacker, a Certified Information Systems Security Professional, and has extensive experience in offensive security techniques and defensive strategies. Charles is currently a professor at Drexel researching cyber and information security. His research has explored topics such as digital forensics, red team penetration testing, deep learning, IoT, and software defined radio. His graduate research thesis demonstrated the effects physical security systems can play in penetration testing and security assessments.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Invest in yourself

Join your InfoSec peers for high-quality, affordable training and collaboration. Sign up today!