Conference Agenda
  • Wednesday, April 10, 2019
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:00 am
    Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
    Topic: Leveraging Security Metrics and KRIs for Economic Decision Making
    VP of Security Strategies, IDC
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Keystone

    This session is for Advisory Council members only.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Hemlock

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use it for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    Earn 16 CPEs With This in-Depth 3-Part Course
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Harrisburg

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q&A, and several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 1 - Getting Started with Digital Forensics
    Earn 16 CPEs in this in-depth 3-part course
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Liberty
    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
    8:30 am
    Cyber Risk With a Smile
    Cyber Risk Program Manager, Christiana Care Health System
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Mt. Davis

    Christiana Care Health System (CCHS) is one of the largest health care providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD and NJ. This presentation will provide an overview regarding how CCHS implements a successful cyber risk program.

    8:30 am
    Social Engineering Your Way to More Security Budget
    Fractional CISO, CISO4hire
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Conestoga

    Information security has always taken attacker technologies and re-purposed them to use as security tools. We can learn from what attackers have been able to do with psychology and use it to further security within our organizations.

    8:30 am
    Panel: Get Connected, Re-Connect, and Stay Connected
    Delaware Valley Chapter President, Cloud Security Alliance
    Philadelphia Women and Cyber Security
    Chief Learning Officer, Security Shell
    Data Protection Advisory Council
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: Buchanan

    Enjoy the refreshments while having a discussion with Rob Wilner of Cloud Security Alliance – Delaware Valley Chapter, Rosemary Christian of Philadelphia Women and Cyber Security, Charles Sgrillo of Security Shell, and Joshua Marpet of Data Protection Advisory Council about what each of their respective organizations has done for you lately. At the same time, they would like to learn about new ideas and improvements from you, their constituents! Other members of each organization will also be present to answer questions and connect with you.

    9:30 am
    OPENING KEYNOTE: The U.S. Secret Service Response to the Cyber Threat
    Senior Special Agent, United States Secret Service
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    Learn how the United States Secret Service responds to the emerging cyber threat, from romance schemes and network intrusions to financial fraud and much more. We will examine scenarios in which you should call law enforcement and understand how we will respond.
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Topic: How to Make Security Part of Every User's Responsibility
    Chief Information Security Leader, Independence Blue Cross
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    11:15 am
    A Security Professional's Experience as a Juror in the Bill Cosby Trial
    VP, Security, OnSolve
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Keynote Theater

    Physical security is a critical element of any trial. From their selection through their return home, the personal safety of jurors is a top consideration. The stakes grow even higher in a high-profile case with a sequestered jury whose verdict stays in the spotlight far longer than your average trial.

    This session is a personal account from the foreperson in the trial against Bill Cosby, a trial that was watched around the world and commanded intense media attention. Cheryl Carmel, who also happens to have years of experience in the security industry, will discuss her experience serving on the jury and its effect on her sense of security and privacy. As a Vice President of Security, Cheryl has studied and experienced security as both a provider and receiver. Join her for her unique perspective on both sides of the issue.

    11:15 am
    [GuidePoint Security] Principles of an Effective Cloud Security Strategy
    Principal, Information Assurance, GuidePoint Security
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Hemlock

    With public cloud continuing to expand rapidly through the release of new services, deployment models, and architectures, information security organizations continue to find themselves looking for effective cloud security controls. GuidePoint’s Cloud Security Practice Director will describe how organizations have identified cloud security controls, designed frameworks and maturity models, and implemented effective strategies based on real-world experience and leadership.

    11:15 am
    [baramundi] Innovative Endpoint Management
    A Holistic Approach to Vulnerability Management, Patching, OS-Upgrades and Software Distribution
    Executive Sales Manager, baramundi Software USA Inc.
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Quaker

    Zero Day Vulnerability, Windows Feature Updates, Office 365 Migration: Are any of these topics causing you to lose sleep? This seminar will show you how you can automate OS migrations, software deployment projects, and patch management, all from one easy-to-use Endpoint Management Suite.

    11:15 am
    [Trend Micro] EDR, MDR, and Mitre Att&ck, Oh My!
    Lead Cybersecurity Consultant, Trend Micro
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Conestoga

    Today’s advanced threats are designed to bypass traditional cybersecurity defenses and compromise sensitive corporate data. Technologies such as EDR and MDR, paired with the Mitre Att&ck knowledge base, allow organizations to go beyond traditional anti-malware testing and never fall a step behind evolving threat actors. Join us for a high-level beginner talk that will be hosted by Tim Miller, Sales Engineer at Trend Micro.

    11:15 am
    It Is Cloudy Out There!
    Cloud Security Architect, The Vanguard Group
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Mt. Davis

    Has your organization already moved to public cloud, or is it considering a move? If so, you need to attend this talk to understand how cloud security differs from on-prem security. You need to know what assets, users, and data you have in the cloud. You also need to pay attention to what controls are missing in the cloud. This presentation will walk through some of the issues and tips for cloud security.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Topic: Communicating Risk Effectively in Business Terms
    Sr. Information Technology Manager, TD Ameritrade
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    12:15 pm
    LUNCH KEYNOTE — Securing the Human: Threat Landscape in the Healthcare Industry
    CISO, Christiana Care Health System
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    This presentation will provide an overview of the current threat landscape in the industry and:

    • Identify motivators for targeting the industry
    • The role of consumerism and the shift in risk
    • Why information security is not a technology issue but a patient safety issue
    • The challenges in securing the human versus securing the data center

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Scott Register, Ixia
    John McClurg, Cylance
    Mike Rogers, Symantec
    Tim Miller, Trend Micro
    Moderator: Dan Reither

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Buchanan

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons of migrating to the cloud.
    Panelists:
    John DiLullo, Lastline
    Gus Coronel, Check Point
    Pete Molett, AccessIT Group
    Dwayne Wenger, Big Switch
    Mike Piscopo, Delta Risk
    Moderator: Anahi Santiago

    1:15 pm
    [Check Point] A Security Blueprint for Public Cloud
    Sr. Cloud Security Architect, Check Point Software Technologies
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Conestoga
    Cloud has a surprising number of attack vectors. This presentation will provide practical examples for identifying and securing public cloud deployments in order to maximize protection and reduce overall labor and cost.

     

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Implementing a Successful Privileged Access Management Program - Lessons Learned
    IT Program Manager, Aetna
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Mt. Davis

    Exploitation of privileged access is the #1 root cause of most large-scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access Management program can considerably mitigate the intentional or unintentional misuse of privileged access at all levels in the IT stack (Host, Database, Network, Applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management Program.

    3:00 pm
    Third-Party Vendor Risk Management, Lessons Learned, and Best Practices
    IT Risk Lead, Campbell Soup Company
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Conestoga

    Modern business relies on third parties to reduce overhead and cost. This can include the transfer of critical data, which sometimes includes the “Crown Jewels.” How a business evaluates these vendors should be built into the procurement process, but should also take into account how the vendor responds to these requests, not just from you but from every other company it is hosting, processing, and transferring data for.

    Learn how you can streamline the process and create value for both your company and your vendor(s).

    3:00 pm
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    Managing Partner, XPAN Law Group, LLC
    Associate, XPAN Law Group
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Buchanan

    The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of ever-changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that place more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes at both the State and Federal level and discuss how companies should prepare to meet these evolving obligations.

    3:00 pm
    I.A.M. What I Am: Building a Strong Identity and Access Management Program
    Director, Data Protection and Security Governance, Health Partners Plans
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Quaker

    Identity and Access Management has risen from a necessary evil to the “new perimeter” as applications migrate to the cloud. Having the right people aligned to your business processes with sound technology will propel your IAM program from the back office to a business-enabling function. This presentation will guide you on how to mature your existing identity and access management program, pitfalls to avoid, and tips to get your stakeholders on board.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Hemlock

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use it for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Harrisburg

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q&A, and several successful toolkits are covered.

    3:00 pm
    SecureWorld PLUS Part 2 - Getting Started with Digital Forensics
    SecureWorld PLUS Registrants ONLY
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Liberty
    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
    4:00 pm
    Social Hour
    Join GuidePoint and partners for a complimentary happy hour inside the venue.
    Registration Level: Open Sessions
    4:00 pm - 6:00 pm
    Location / Room: Valley Tavern Inn, Radisson Hotel in Valley Forge

    Join GuidePoint and partners for a social hour after Day 1. Come discuss the day’s events, network with security peers, and enjoy beverages and hors d’oeuvres. Compliments of GuidePoint and partners.

    Valley Tavern Inn, Radisson Hotel
    1160 First Ave, King of Prussia, PA 19406
    (Inside the venue)
    April 10th at 4:00 p.m.
  • Thursday, April 11, 2019
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Hemlock

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use it for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Harrisburg

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A, and several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 3 - Getting Started with Digital Forensics
    SecureWorld PLUS Registrants ONLY
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Liberty

    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.

    8:30 am
    Blockchain and Data Protection Laws: Can They Co-Exist?
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Mt. Davis
    With the increasing emphasis on data privacy, and the adoption of data protection regulations, Blockchain faces hurdles in complying with these regulatory obligations while allowing for the continued evolution of the technology. This presentation will discuss the ways in which Blockchain needs to take into account core privacy principles, and discuss the practical implications of various data protection regulations, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regulatory requirements.
    8:30 am
    Insider Threat Report: Out of Sight Should Never Be out of Mind
    Senior Manager, Verizon
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Conestoga
    Within the panoply of cybersecurity incidents, insider threat activities are an exceptional challenge. These threat actors enjoy trust, privilege, and access. Add a detrimental motivation and disaster ensues. This presentation covers the Verizon “Insider Threat Report,” a compilation of data breach data, scenario, and experience-driven insights into recognizing, mitigating, and investigating insider threat activities.

     

    8:30 am
    Practical Threat Hunting Techniques: Proactive Security Analysis
    Partner, Information Security, DFDR Consulting
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Buchanan

    Threat hunting and projecting risk is a frequent issue for administrators and security teams. Many weaknesses and vulnerabilities can’t be found with a scanner or software platform. This gap is where malicious actors live.

    By leveraging open-source tools, common techniques, and technical knowledge, modern organizations can assess their technical exposures and take proactive measures to prevent attacks. From understanding how malicious parties target organizations and find weaknesses to discovering the next phishing attack before it happens by culling DNS / Registrar records, this session will show practical application of malicious tools and attacks with a technical focus.

    9:30 am
    OPENING KEYNOTE: The Alphabet Soup DRIVING Good Data Governance
    CISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The future of privacy isn’t in regulations; it is in good data hygiene. Privacy by design is slated to be replaced by “Ethics by design”; building upfront and transparent uses of data into products requires strong data governance. As more and more companies move toward digital transformation, how will your data strategy play into the success or failure of those plans? Are you ready for next-gen data governance?

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Topic: Controlling Information Security
    Asst. Professor, Drexel University
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    11:15 am
    Business and the Beast
    Director, Cybersecurity Risk Management, Thermo Fisher Scientific
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Buchanan
    Technology has created not just new jobs requiring new skills – it has fundamentally changed the way we work on a daily basis. However, for every company pushing the boundaries of technology, there are many more holding on to the traditional views of what a business should be and how it should operate. Cybersecurity teams are not insulated from these changes, and our industry is subject to entrenched and outdated modes of operation, as are many others. This talk is about the beasts – the myriad of changes and advancements occurring across business that are challenging the fundamental ways businesses have been operating for generations.
    11:15 am
    EU GDPR: Enforcement Landscape, Key Security Risks, and Recommendations
    Partner, Park Legal LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Conestoga
    The GDPR has been in effect since May 25, 2018. Hear from a presenter who sits on a team with the EU and other data protection regulators about the number of complaints and security breach reports that various EU member states have received since the GDPR took effect, as well as enforcement under that regulation. The presenter will also discuss key triggers for enforcement, particularly in relation to IT security, and will provide recommendations to help organizations successfully address the complex GDPR and member state requirements for IT security.
    11:15 am
    [BTB Security] You're Doing It Wrong: Get More Out of Your Penetration Test
    Chief Information Security Advisor, BTB Security
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Quaker

    PenTests, Red/Purple Teaming, Threat Hunting, and whatever we come up with next can all be valuable tools for identifying risks. However, they’re often misunderstood and misused, and some vendors and service providers intentionally make it worse. Why talk about technical security testing in 2019? Don’t standards exist? Yes, but by understanding where common approaches fail, you’ll get more out of your next engagement and your security partners.

    11:15 am
    [Cequence Security] The New #1 Cyber Threat: The Relentless Evolution of Bots and the Arms Race in AI to Detect and Defend
    Solutions Architect, Cequence Security
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Mt. Davis
    This presentation will focus on the current state of Bot automation and the different attack modalities currently conducted through machine automation. Attacker tools, infrastructure, and compromised credentials will be examined as to how they were used in a real-world example of such an attack on a major retailer. From detection to mitigation, we will explore the use of Machine Learning algorithms and Artificial Intelligence as valuable countermeasures against this ever-evolving threat.
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Topic: Safe Use of Collaboration Tools With External Parties
    Information Security Leader, JANUS Associates, Inc.
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    12:15 pm
    LUNCH KEYNOTE: The 7 Cybersecurity Habits of Digital Disruptors
    VP of Security Strategies, IDC
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Cybersecurity in the age of digital transformation is a balancing act – too much security risks heavy overhead and impedance of new initiatives, but too little security risks catastrophic breach. Mature transformers – digital disruptors – have cracked the code for cybersecurity and demonstrate 7 habits that help them protect their digital transformation initiatives.
    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Ron Schlect, BTB Security
    Eric Bucher, Cequence
    Matthew Cilento, Securonix
    Hassanain Kapadia, Palo Alto Networks
    John Maloney, AccessIT Group
    Moderator: Frank Piscitello

    1:15 pm
    Panel: Access Control – The End of the Password?
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Buchanan

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
    Panelists:
    Joeseph Walsh, DeSales
    George Makin, Federal Reserve
    Nancy Hunter
    George Makin
    Moderator: Bob McCosky

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    An Introduction to IoT Penetration Testing
    Chief Learning Officer, Security Shell
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Conestoga

    IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The secure engineering and implementation of these devices is critical as more insecure devices come to market. As technology professionals we need to have an idea of how these devices affect our organization. In this talk we will explore the basic principles of IoT PenTesting, what is in an effective toolset, reverse engineering, and analyzing popular IoT protocols with software defined radios.

    3:00 pm
    Managing a Hack: Orchestrating Incident Response to Preserve Brand Reputation
    SVP and Cybersecurity Practice Lead, Affect
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Buchanan
    A cyber attack can be devastating – resulting in the loss of revenue, interrupted business continuity and significant damages to brand reputation and corporate morale. Incident response is no longer relegated to IT and must involve executives across the entire organization – from the board, to the marketing department, to technical teams.

    This session will address the critical tactics involved in communicating a cybersecurity incident to the public – focusing on the orchestration of technical, legal and communications executives. This session will be an interactive discussion on the corporate communications challenges that executives face in the wake of a breach.

    3:00 pm
    Insider Threat Detection and Response
    Director of Cyber Operations, BlackRock
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Mt. Davis

    From cybercriminals recruiting insiders on the Dark Web to nation-state operatives, insider threats are an increasing risk facing many firms today.
    We will discuss the latest technologies and techniques that can be used to detect various types of insiders as well as what to do once you actually find them.

Exhibitors
  • AccessIT Group: Partner Pavilion Sponsor
    Booth: 126

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • AppViewX
    Booth: 504

    AppViewX is the most advanced certificate and key lifecycle automation platform. With their certificate lifecycle automation and management platform, CERT+, your enterprise can protect itself from cyber-attacks that can happen easily due to misused keys or expiring certificates. AppViewX CERT+ provides automated discovery, enrollment, monitoring, validation, expiry notification, renewal, provisioning, remediation, reporting and revocation of SSL/TLS certificates across networks including app servers, web servers, ADCs, proxies, firewalls, client and mobile devices. CERT+ helps enterprise IT manage and automate the entire lifecycle of their internal and external PKI.

  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • AttackIQ
    Booth: GuidePoint Pavilion: 240

    AttackIQ, a leader in the emerging market of continuous security validation, built the industry’s first platform that enables organizations to measure the effectiveness of their security controls.

  • Avanan
    Booth: GuidePoint Pavilion: 216

    Avanan: Email Security—Reinvented.
    Avanan catches the advanced phishing attacks that evade default and advanced security. The invisible, multi-layered solution enables full-suite protection for cloud collaboration software such as Office 365™, G-Suite™, and Slack™. Deploying in one click via API, the platform prevents Business Email Compromise and blocks phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for legacy solutions like Secure Email Gateways and Cloud Access Security Brokers with a patented solution that goes far beyond any other Cloud Email Security Supplement.

  • baramundi software USA, Inc.
    Booth: 402

    baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

    The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.

    Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.

  • Big Switch Networks
    Booth: 102

    Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM, container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.

  • Bitglass
    Booth: GuidePoint Pavilion: 212

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • BitSight Technologies
    Booth: GuidePoint Pavilion: 242

    BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums. For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight).

  • BlackBerry
    Booth: 100

    BlackBerry Limited (NYSE: BB; TSX: BB) enables the Enterprise of Things by providing the technology that allows endpoints to trust one another, communicate securely, and maintain privacy. Based in Waterloo, Ontario, the company was founded in 1984 and operates globally. For more information, visit www.BlackBerry.com and follow @BlackBerry.

  • Bromium
    Booth: 600

    Bromium uses virtualization-based security to protect our customers. Our patented hardware-enforced containerization delivers application isolation and control stopping malware in its tracks. Unlike traditional security, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware.

  • BTB Security
    Booth: 406

    Merging new technologies with business goals doesn’t have to equal lapses in security. BTB works with our clients to determine their corporate objectives—and keeps the organization secure.

    Our full suite of services detect, defend and defeat security breaches across the enterprise. And with the dedicated research support of RIOT Labs, we uncover truly-actionable intelligence and innovative offensive tactics that strengthen our services and propel our industry forward.

  • Carbon Black
    Booth: 104

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud. Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

  • Cequence
    Booth: 403

    Cequence Security delivers automated software solutions to protect the web, mobile, and API application services that hyper-connected organizations rely on to support business processes and customer engagements. Recognized as a 2018 Gartner Cool Vendor, we strengthen the security posture of our customers and improve the productivity and efficiency of their IT staff.

  • Check Point Security
    Booth: AccessIT Pavilion: 120

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cloud Security Alliance (CSA)
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt.io
    Booth: 602

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.

  • Cofense
    Booth: GuidePoint Pavilion: 234

    With more than 90% of breaches attributed to successful phishing campaigns, it’s easy for organizations to point to the everyday employee as the root cause – as the problem to be solved. We disagree. Cofense™ believes employees – humans – should be empowered as part of the solution to help strengthen defenses and gather real-time attack intelligence to stop attacks in progress.

  • Comodo Cybersecurity
    Booth: 200

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CRANIUM
    Booth: 606

    CRANIUM is specialized in privacy and security solutions and services. CRANIUM builds bridges between IT, legal and business and provides profound end-to-end solutions on both tactical and operational levels. CRANIUM supports and familiarizes your organization with the compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other national and international data protection regulations. We also offer protection against cyber-attacks and possible data breaches. CRANIUM also acts as a Legal (GDPR) representative for non-EU based companies (Art. 27 of the GDPR) and we have an in-house training academy, CRANIUM Campus, accredited by IAPP.

  • CrowdStrike
    Booth: GuidePoint Pavilion: 230

    CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

    With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.

    There’s only one thing to remember about CrowdStrike: We stop breaches.

    Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial. Learn more: https://www.crowdstrike.com/

  • BlackBerry Cylance
    Booth: AccessIT Pavilion: 108

    BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.

  • Darktrace
    Booth: 512

    Darktrace is the world’s leading AI company for cyber defense. With over 7,000 deployments worldwide, the Enterprise Immune System is relied on to detect and fight back against cyber-attacks in real time. The self-learning AI takes one hour to install, works across the cloud, SaaS, corporate networks, IoT and industrial systems, and protects against the full range of cyber-threats and vulnerabilities, from insider threats and ransomware, to stealthy and silent attackers. Darktrace has 800 employees and 40 offices worldwide, with headquarters in San Francisco, and Cambridge, UK.

  • Delta Risk
    Booth: 302

    Delta Risk was founded in 2007 from a vision of strategic and operational effectiveness to assist private sector and government organizations in understanding their current cyber security posture and building advanced cyber defense and risk management capabilities. We are a global provider of strategic, operational, and advisory solutions, including managed security services and security consulting services. Delta Risk is a Chertoff Group company.

  • Demisto
    Booth: 106

    Demisto is the only Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation into a seamless experience. By using Demisto, security teams can build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.

  • DeSales University Cyber Security Program
    Booth: 502

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Electronic Crimes Task Force
    Booth:

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • ExtraHop
    Booth: GuidePoint Pavilion: 236

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • F5
    Booth: AccessIT Pavilion: 114

    F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.

  • ForeScout Technologies, Inc.
    Booth: AccessIT Pavilion: 112

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • Gemalto
    Booth: GuidePoint Pavilion: 238

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • Gigamon
    Booth: AccessIT Pavilion: 118

    Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that makes threats more visible across cloud, hybrid and on-premises environments, deploys resources faster and maximizes the performance of security tools.

  • Gigamon
    Booth: GuidePoint Pavilion: 218

    Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that makes threats more visible across cloud, hybrid and on-premises environments, deploys resources faster and maximizes the performance of security tools.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 246

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Delaware Valley Chapter
    Booth:

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • Imperva
    Booth: GuidePoint Pavilion: 210

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • InfoSec-Conferences.com
    Booth: n/a

    We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard Philadelphia
    Booth:

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • Intsights
    Booth: GuidePoint Pavilion: 224

    We are an intelligence driven security provider offering a subscription-based service which delivers rapid, accurate cyberthreat intelligence and incident mitigation in real time.

  • ISACA Philadelphia
    Booth:

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • (ISC)2
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA Delaware Valley
    Booth:

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • Ixia, a Keysight Business
    Booth: 400

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: 202

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Lastline
    Booth: 500

    Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.

  • Mimecast
    Booth: 506

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Okta
    Booth: AccessIT Pavilion: 110

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Okta
    Booth: GuidePoint Pavilion: 206

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 300

    The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

  • OWASP
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Rapid7
    Booth: 228

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RedSeal
    Booth: GuidePoint Pavilion: 208

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • SecureAuth
    Booth: GuidePoint Pavilion: 222

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee, customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • Security Scorecard
    Booth: GuidePoint Pavilion: 226

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Securonix
    Booth: GuidePoint Pavilion: 232

    Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Our purpose-built security analytics platform uses machine learning to track and create baselines of user, account, and system behavior and detects the most advanced insider threats, cyber threats, and fraud activities in real time. Built on a Hadoop platform, the Securonix solution provides an open platform with unlimited scalability. Securonix provides incident orchestration capabilities with playbooks that enable automated incident response. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, fraud, and application security monitoring requirements. Visit www.securonix.com.

  • Sonatype
    Booth: 604

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.

  • Splunk
    Booth: GuidePoint Pavilion: 220

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk? Just ask.

  • Symantec
    Booth: AccessIT Pavilion: 116

    Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 301

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Thycotic
    Booth: GuidePoint Pavilion: 204

    Thycotic empowers more than 10,000 organizations around the globe, from small businesses to the Fortune 500, to protect privileged accounts. We make enterprise-level privilege management accessible for everyone by eliminating dependency on complex security tools and prioritizing productivity, flexibility and control. You’ll achieve more with Thycotic – even in your first 30 days – than with any other privilege security tool.

  • Trend Micro
    Booth: 408

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Varonis
    Booth: GuidePoint Pavilion: 244

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Venafi
    Booth: GuidePoint Pavilion: 214

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

  • Zix Corp
    Booth: GuidePoint Pavilion: 224

    Zix Corporation is a security technology company that provides email encryption services, email data loss prevention (DLP) and mobile applications designed to address the bring your own device (BYOD) corporate technology trend. Headquartered in Dallas, Texas, the company serves customers that include divisions of the U.S. Treasury, federal financial regulators, health insurance providers and hospitals, and financial companies. As of December 2011, the company has served over thirty Blue Cross Blue Shield organizations, 1,200 hospitals, 1,600 banks, credit unions and associations. Federal Financial Institutions Examination Council (FFIEC) regulators are also customers of the company. CIPROMS has signed a three-year renewal for the company in 2014.

Speakers
  • Pete Lindstrom
    VP of Security Strategies, IDC

    Pete Lindstrom is VP of Security Strategies for IDC, where he conducts research on digital trust, risk measurement and cybersecurity economics in the age of digital transformation. Pete has spent over 25 years as a security professional and is known for his practical approaches to addressing security challenges. He is a U.S. Marine veteran and graduate of the University of Notre Dame.

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, and gives government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Joe Walsh
    MCJ Program Director and Instructor of Computer Science/Criminal Justice, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for eleven years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor’s degree in Information Systems, a master’s degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D.

  • Vince Fitzpatrick
    Cyber Risk Program Manager, Christiana Care Health System

    Vince Fitzpatrick has experience greater than some and less than others. Currently he is the Cyber Risk Program Manager at Christiana Care Health System (CCHS), one of the largest health care providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD, and NJ.

  • Bryan Bechard
    Fractional CISO, CISO4hire

    Bryan has been working in InfoSec for 20 years as an individual contributor and manager of security professionals. Currently, he is the CISO of an auto finance company and Board member of the (ISC)2 Philadelphia chapter. Current certs: CISSP, CSSLP, CRISC.

  • Moderator: Robert Wilner
    Delaware Valley Chapter President, Cloud Security Alliance
  • Rosemary Christian
    Philadelphia Women and Cyber Security
  • Charles Sgrillo
    Chief Learning Officer, Security Shell

    Charles is Senior Red Team Analyst in Vanguard’s Global Risk & Security Division. With 10+ years’ experience in IT, Charles has held positions in the field such as Principal Consultant, Security Systems Specialist, and Red Team Penetration Tester. Charles is a Certified Ethical Hacker, a Certified Information Systems Security Professional, and has extensive experience in offensive security techniques and defensive strategies. Charles is currently a professor at Drexel researching cyber and information security. His research has explored topics such as digital forensics, red team penetration testing, deep learning, IoT, and software defined radio. His graduate research thesis demonstrated the effects physical security systems can play in penetration testing and security assessments.

  • Joshua Marpet
    Data Protection Advisory Council
  • Hazel Cerra
    Senior Special Agent, United States Secret Service

    Hazel Cerra is a Senior Special Agent (SSA) with the United States Secret Service out of the Philadelphia Field Office assigned to the Financial Fraud Division. She has over 19 years of experience in protection and investigations. She began her career investigating counterfeit currency, identity theft and credit card fraud. In 2009, she was transferred to the Former President William Clinton protective detail where she traveled around the world in support of the Clinton Global Initiative. SSA Cerra is trained in Network Intrusions, Point of Sale Systems, and Critical Systems Protection. She earned a BS in Science from NJCU and is currently pursuing her MBA from Johns Hopkins University.

  • Dave Snyder
    Chief Information Security Leader, Independence Blue Cross
  • Cheryl Carmel
    VP, Security, OnSolve

    In her role as vice president of security, Ms. Carmel is responsible for developing, maintaining, and continually improving the GRC, security and privacy programs at OnSolve. Ms. Carmel is a member of ISC2, where she holds her CISSP and participates in the Safe and Secure Online cyber-security youth education program; the International Association of Privacy Professionals, where she holds her CIPT (CIPP/IT); and ISSA, OWASP and InfraGard.

  • Bryan Orme
    Principal, Information Assurance, GuidePoint Security

    Bryan Orme leads the Information Assurance consulting organization, which includes Application Security, Cloud Security, Governance, Risk, and Compliance Services, Threat and Attack Simulation, Incident Response and Forensics. Additionally, Bryan leads the internal IT and Information Security teams as well as the Project Management Office and Services Operations. Bryan also serves on the Board of Directors of deepwatch, a Managed Security Services Provider. Since 2001, his primary focus has been on designing and implementing comprehensive Information Security programs and assisting clients with building business-aligned Information Security programs to mitigate risks associated with today’s increasingly sophisticated array of threats. Bryan has extensive backgrounds in multiple disciplines within Information Security, including Security Program Strategy, Application Security, Penetration Testing, PCI DSS, Incident Response and Forensics, and Vendor Management. Prior to joining GuidePoint, Bryan was the Director of Information Security for Capital One. His accomplishments there included building and leading the Application Security, Vendor Management, and PCI DSS Programs. He is a frequent speaker at industry conferences including OWASP, SecureWorld, HP Protect, ISSA, ISACA, and HIMSS on a wide array of Information Security topics. Bryan also served as a member of multiple Special Interest Groups of the PCI Security Standards Council. He earned a Bachelor’s degree from James Madison University and an MBA from the Robert H. Smith School of Business at the University of Maryland. Bryan holds QSA, CISSP, and CISM certifications.

  • Axel Peters
    Executive Sales Manager, baramundi Software USA Inc.

    Axel Peters is Executive Sales Manager for baramundi software USA Inc., headquartered in Framingham, MA. Axel has his degree in IT Management and over six years of experience in professional Endpoint Management. In this time, he has advised over 250 customers from small businesses to global enterprises in Europe. He is well aware of the challenges IT departments face today in order to keep their infrastructure up-to-date, safe, and efficient.

  • Tim Miller
    Lead Cybersecurity Consultant, Trend Micro

    Tim has over 10 years’ experience in Information Security and 33 years working with computer technology. His path began with the Apple IIe in his first computer class and continued through his master’s degree in Network Communications Management. Tim has been with Trend Micro for three years, and his experience in Information Security includes Endpoint Protection, CEH (Certified Ethical Hacker), risk assessments, Endpoint Detection and Response, IDS/IPS, malware prevention, and teaching others about threats.

  • Vana Khurana
    Cloud Security Architect, The Vanguard Group

    Vana Khurana, Cloud Security Architect, The Vanguard Group, CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC. Director of Training and Board Member of Cloud Security Alliance Delaware Valley Chapter. Also, an Adjunct Faculty at Temple University, Philadelphia.

  • Louise O’Donnell
    Sr. Information Technology Manager, TD Ameritrade
  • Anahi Santiago
    CISO, Christiana Care Health System

    Anahi Santiago is the Chief Information Security Officer at Christiana Care Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO she has overall responsibility for the organization's cybersecurity and assurance program. Santiago leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness and fostering a culture of security and safety.

  • Gustavo Coronel
    Sr. Cloud Security Architect, Check Point Software Technologies

    Gustavo (Gus) Coronel is a Senior Cloud Security Architect with Check Point Software Technologies and has been involved with network security for over 25 years. His first foray into network security was serving as the first Firewall Administrator at the US Department of Transportation in 1994. Intrusion Detection, Vulnerability Assessments, Protocol Analysis, Incident Response, Forensics and Secure Network Design projects quickly followed. He joined Check Point’s Federal Group in 2009 and has been securing public cloud deployments full time since 2015.

  • Tariq Shaikh
    IT Program Manager, Aetna

    Tariq Shaikh leads the Privileged Access Management practice for Aetna as part of their Global Security team. Tariq has more than 20 years of technology experience and is a certified project manager and information systems security professional. Tariq is an SME in the Privileged Access Management space and has spoken extensively about it at industry conferences. He also leads a security academy for Aetna that aims to educate participants about cyber security and protect and advance the profession.

  • Bernie McGuinness
    IT Risk Lead, Campbell Soup Company

    Bernie is a cybersecurity professional with over 20 years’ experience in both hands-on work and regulatory compliance for multiple complex systems within the Department of Defense and the commercial space. He provides in-depth knowledge on Third-Party Risk Management, Information Security, Assurance, Audit, and IT Operations within industry. He holds CISSP, CRISC, and CTPRP certifications.

  • Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a Women-Owned boutique law firm. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the General Data Protection Regulation (GDPR). Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • Antonia Dumas
    Associate, XPAN Law Group

    Antonia M. Dumas is an associate at XPAN Law Group, a certified Women’s Business Enterprise (“WBE”) and Women Owned Small Business (“WOSB”). At XPAN, Antonia works with clients to create proactive, streamlined, and global approaches to cybersecurity and data privacy. She performs audits, assessments and gap analysis of a client’s existing contractual and technological infrastructure. Domestically, she conducts cyber-regulatory compliance assessments, including HIPAA and state-specific regulations. She assists in the implementation of cyber best practices, including drafting cybersecurity policies and procedures. She also helps conduct international privacy compliance assessments under the European Union General Data Protection Regulation (“GDPR”). Antonia has experience in a variety of different sectors through which she has gained an insight into potential cybersecurity and data privacy vulnerabilities. Additionally, she contributes a unique global perspective from living, studying, and working abroad in Spain for several years.

  • Jim Menkevich
    Director, Data Protection and Security Governance, Health Partners Plans

    Jim Menkevich is an Information Security, Privacy, and Risk Management professional with 19+ years of experience. Through his career, he has led teams in Cybersecurity, Enterprise Architecture, Systems Integration, and Application Development. Jim specializes in applying methodologies, frameworks, and ideas outside of the intended domain, which generates new and fresh angles to address industry challenges. When he’s not working, Jim enjoys writing poetry, running, and spending time with his family. Jim is currently the Director of Data Protection and Security Governance at Health Partners Plans in Philadelphia.

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, and gives government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Happy Hour
  • John Grim
    Senior Manager, Verizon

    John, the primary author of the Verizon Insider Threat Report, has over 16 years of experience investigating data breaches and cybersecurity incidents within the government and civilian security sectors. John manages a highly technical investigative response team who investigates data breaches and advises on containment / eradication / remediation measures for customers worldwide.

  • Ken Pyle
    Partner, Information Security, DFDR Consulting

    Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance and Secure Design. Prior to joining DFDR, he served as a Security and Network Engineer for several Information Technology companies and as the IT Director/Security Engineer of a large accounting firm. Ken has consulted with financial institutions, banks, government defense contractors and other highly secure facilities on issues of Information Security, Computer Forensics and Secure Network Design.

  • Dawn-Marie Hutchinson
    CISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)

    Dawn-Marie Hutchinson brings more than 15 years of enterprise information technology experience to her role as CISO of GSK. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.

    While serving on the HITRUST working group for Data De-Identification, Hutchinson established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations.

    Prior to joining GSK, Hutchinson was the CSO at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in IT also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross, Protiviti, and Optiv.

    Hutchinson currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award and holds accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA) and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master’s of Business Administration graduate of the Saint Joseph’s University Haub School of Business.

  • Robert McKosky
    Asst. Professor, Drexel University

    Dr. Robert McKosky served as the Director of Information Security at MBNA America and was the Technical Program Director for the Network Infrastructure Laboratory at GTE. He has organized and participated in various simulated attacks (Tiger Teams) to identify weaknesses in security systems. Mac has consulted to the CTIA, NSA, Secret Service, FBI, CIA, Scotland Yard, the Royal Canadian Mounted Police, and various state and local law enforcement organizations. Mac is a Certified Secure Software Lifecycle Professional (CSSLP) and a Certified Information System Security Professional (CISSP) and was one of the authors of the original certification exam.

  • Bryan Inagaki
    Director, Cybersecurity Risk Management, Thermo Fisher Scientific

    Bryan's path to information security was anything but direct, and he took a few detours in the worlds of small business, federal law enforcement and financial services before finding himself fully entrenched in the industry. As a physical security professional first and an information security professional second, Bryan enjoys the challenge of mixing the real with the intangible and taking lessons learned from time spent in critical threat areas to make his teams more effective and efficient.

  • Joan Antokol
    Partner, Park Legal LLC

    Joan is a partner at Park Legal LLC, a law firm with offices in New Jersey and Indianapolis. Since 2002 and continuing, she has been one of the only outside counsel invited to be a member of a regulator team chaired by the Berlin Data Protection Commissioner, which includes members of the Supervisory Authorities from each EU member state, as well as a growing number of other countries around the world. Joan is a frequent speaker at data privacy conferences in the US and EU, and has published a number of articles. She counsels multinationals and other clients on a wide variety of data privacy and security topics, and handles many security breaches.

  • Matt Wilson
    Chief Information Security Advisor, BTB Security

    Matt Wilson is the Chief Information Security Advisor for BTB, based in southeastern Pennsylvania. Matt has spent his entire career in IT and has over 14 years of experience within Information Security. Throughout his career, Matt has fostered the development of assessment methodologies, toolsets, and techniques for the delivery of security assessments, penetration testing, application assessments, compliance assessments, security awareness trainings, and policy review and development. More recently, Matt has been actively engaged in the continued maturation of BTB’s CISO Advisory Practice and RADAR Managed Detection & Response service.

  • Eric Bucher
    Solutions Architect, Cequence Security

    Eric Bucher has over 15 years of experience in the security industry with a technical concentration in financial fraud, advanced persistent threats, forensics, exfiltration, DLP, and overall attack surfaces.

  • Roger Vann
    Information Security Leader, JANUS Associates, Inc.
  • Pete Lindstrom
    VP of Security Strategies, IDC

    Pete Lindstrom is VP of Security Strategies for IDC, where he conducts research on digital trust, risk measurement and cybersecurity economics in the age of digital transformation. Pete has spent over 25 years as a security professional and is known for his practical approaches to addressing security challenges. He is a U.S. Marine veteran and graduate of the University of Notre Dame.

  • Katie Creaser
    SVP and Cybersecurity Practice Lead, Affect

    Katie is a Sr. Vice President, Cybersecurity Lead at Affect, where she provides counsel to clients that are looking to bring PR and social media into their communications program as part of a thoughtful, holistic strategy. Katie is passionate about helping brands of all shapes and sizes find unique and creative ways to tell their story. She works closely with Affect’s technology and healthcare clients to ensure that their value resonates with customers by creating compelling content for every medium.

    Katie has managed public relations campaigns across a diverse range of industries including mobile device management, network and data security, application delivery, enterprise software and IT infrastructure. Katie also spearheads Affect’s social media practice – and has developed social media campaigns for Omni Hotels & Resorts, Caron Treatment Centers and Regus. She has managed programs that have earned accolades from PRSA, the SABRE awards and BtoB Magazine.

    Prior to joining Affect, Katie served as assistant program manager for the Capital Roundtable, an event production company for the private equity, investment banking, venture capital, legal, hedge fund and professional advisory communities in New York City. She started her career at KPR, a pharmaceutical advertising agency and part of the Omnicom network – where she supported the Janssen Pharmaceuticals, Forest Laboratories and Merck accounts. Katie holds a BA in Public Relations from Marist College.

  • Jay Robinson
    Director of Cyber Operations, BlackRock

    BlackRock's Cyber Operations team manages the global 24x7 operations center responsible for cyber monitoring, incident response, cyber intelligence, cyber forensics, and vulnerability management.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes