Wednesday, April 10, 2019

7:00 am Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

8:00 am Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

8:00 am Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level: VIP / Exclusive
8:00 am - 9:15 am
Location / Room: Keystone
This session is for Advisory Council members only.

8:00 am [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
Earn 16 CPEs With This in-Depth 3-Part Course
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Hemlock
The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

8:00 am SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
Earn 16 CPEs With This in-Depth 3-Part Course
CSO, Security Mentor; Former CISO, State of Michigan
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Harrisburg
Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.
Part 1: Information Security Awareness Fundamentals and War Stories
What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?
Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.
Part 3: Reinventing Your Information Security Awareness Program
So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

8:00 am SecureWorld PLUS Part 1 - Getting Started with Digital Forensics
Earn 16 CPEs in this in-depth 3-part course
M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Liberty
Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.

8:30 am Cyber Risk With a Smile
Director of Information Security, ChristianaCare
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Mt. Davis
Christiana Care Health System (CCHS) is one of the largest health care providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD and NJ. This presentation will provide an overview of how CCHS implements a successful cyber risk program.

8:30 am Social Engineering Your Way to More Security Budget
CISO, Flagship Credit Acceptance
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Conestoga
Information security has always taken attacker technologies and re-purposed them to use as security tools. We can learn from what attackers have been able to do with psychology and use it to further security within our organizations.

8:30 am Panel: Get Connected, Re-Connect, and Stay Connected
President, Delaware Valley Chapter, Cloud Security Alliance
DevSecOps Engineering Coach, Comcast
Professor of Cybersecurity, Drexel University
Data Protection Advisory Council
Registration Level: Open Sessions
8:30 am - 9:15 am
Location / Room: Buchanan
Enjoy the refreshments while having a discussion with Rob Wilner of Cloud Security Alliance – Delaware Valley Chapter, Rosemary Christian of Philadelphia Women and Cyber Security, Charles Sgrillo of Security Shell, and Joshua Marpet of Data Protection Advisory Council about what each of their respective organizations has done for you lately. At the same time, they would like to learn about new ideas and improvements from you, their constituents! Other members of each organization will also be present to answer questions and connect with you as well.

9:30 am OPENING KEYNOTE: The U.S. Secret Service Response to the Cyber Threat
Assistant to the Special Agent in Charge, United States Secret Service
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
Learn how the United States Secret Service responds to the emerging cyber threat—from romance schemes, network intrusions, financial fraud, and much more. We will examine scenarios when you should call law enforcement and understand how we will respond.

10:15 am Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

11:00 am Advisory Council Roundtable (VIP / Invite Only)
Chief Information Security Leader, Independence Blue Cross
Registration Level: VIP / Exclusive
11:00 am - 12:00 pm
Location / Room: Keystone
This session is for Advisory Council Members only.

11:15 am A Security Professional's Experience as a Juror in the Bill Cosby Trial
Owner, Carmel Consulting LLC
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: Keynote Theater
Physical security is a critical element of any trial. From their selection through their return home, the personal safety of jurors is a top consideration. The stakes grow even higher in a high-profile case with a sequestered jury whose verdict stays in the spotlight far longer than your average trial.
This session is a personal account from the foreperson in the trial against Bill Cosby, a trial that was watched around the world and commanded intense media attention. Cheryl Carmel, who also happens to have years of experience in the security industry, will discuss her experience serving on the jury and its effect on her sense of security and privacy. As a Vice President of Security, Cheryl has studied and experienced security as both a provider and receiver. Join her for her unique perspective on both sides of the issue.

11:15 am [GuidePoint Security] Principles of an Effective Cloud Security Strategy
Principal & Partner, GuidePoint Security
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: Hemlock
With public cloud continuing to rapidly expand through the release of new services, deployment models, and architectures, information security organizations continue to find themselves looking for effective cloud security controls. GuidePoint’s Cloud Security Practice Director will describe how organizations have identified cloud security controls, designed frameworks and maturity models, and have implemented effective strategies based on real world experience and leadership.

11:15 am [baramundi] Innovative Endpoint Management
A Holistic Approach to Vulnerability Management, Patching, OS-Upgrades and Software Distribution
Executive Sales Manager, baramundi Software USA Inc.
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: Quaker
Zero Day Vulnerability, Windows Feature Updates, Office 365 Migration: Are any of these topics causing you to lose sleep? This seminar will show you how you can automate OS-migrations, software deployment projects, and patch management all from one easy to use Endpoint Management Suite.

11:15 am [Trend Micro] EDR, MDR, and Mitre Att&ck, Oh My!
Lead Cybersecurity Consultant, Trend Micro
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: Conestoga
Today’s advanced threats are designed to bypass traditional cybersecurity defenses and compromise sensitive corporate data. Technologies such as EDR and MDR, paired with the Mitre Att&ck knowledge base, allow organizations to go beyond traditional anti-malware testing and never fall a step behind evolving threat actors. Join us for a high-level beginner talk that will be hosted by Tim Miller, Sales Engineer at Trend Micro.

11:15 am It Is Cloudy Out There!
Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: Mt. Davis
Has your organization already moved to public cloud, or is it considering it? If so, you need to attend this talk to understand how it’s different than on-prem security. You need to know what assets, users, and data you have in the cloud. You also need to pay attention to what controls are missing in the cloud. This presentation will walk through some of the issues and tips for cloud security.

12:00 pm Advisory Council Lunch Roundtable – (VIP / Invite Only)
Sr. Information Technology Manager, TD Ameritrade
Registration Level: VIP / Exclusive
12:00 pm - 1:00 pm
Location / Room: Keystone
This session is for Advisory Council Members only.

12:15 pm LUNCH KEYNOTE — Securing the Human: Threat Landscape in the Healthcare Industry
CISO, ChristianaCare Health System
Registration Level: Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
This presentation will provide an overview of the current threat landscape in the industry and:
- Identify motivators for targeting the industry
- The role of consumerism and the shift in risk
- Why information security is not a technology issue but a patient safety issue
- The challenges in securing the human versus securing the data center

1:15 pm Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say, but how? By taking a look at the capabilities of the threats we see today, we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
Scott Register, Ixia
John McClurg, Cylance
Mike Rogers, Symantec
Tim Miller, Trend Micro
Moderator: Dan Reither

1:15 pm Panel: Cloudy With a Chance of Breach
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Buchanan
Everything old is new again. Migrating to the cloud certainly is not a new thing. It is new, though, for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.
Panelists:
John DiLullo, Lastline
Gus Coronel, Check Point
Pete Molett, AccessIT Group
Dwayne Wenger, Big Switch
Mike Piscopo, Delta Risk
Moderator: Anahi Santiago

1:15 pm [Check Point] A Security Blueprint for Public Cloud
Sr. Cloud Security Architect, Check Point Software Technologies
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Conestoga
Cloud has a surprising number of attack vectors. This presentation will provide practical examples for identifying and securing public cloud deployments in order to maximize protection and reduce overall labor and cost.

2:15 pm Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

3:00 pm Implementing a Successful Privileged Access Management Program - Lessons Learned
IT Program Manager, Aetna
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Mt. Davis
Exploitation of privileged access is the #1 root cause of most large-scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access Management program can considerably mitigate the intentional/unintentional misuse of privileged access at all levels in the IT Stack (Host, Database, Network, Applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management Program.

3:00 pm Third-Party Vendor Risk Management, Lessons Learned, and Best Practices
IT Risk Lead, Campbell Soup Company
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Conestoga
Modern business today relies on third parties to reduce overhead and cost. This can include the transfer of critical data, which sometimes includes “Crown Jewels.” How a business evaluates these vendors should be built into the procurement process, but should also take into account how the vendor responds to these requests—and not just from you, but from every other company they are hosting, processing, and transferring data for.
Learn how you can streamline the process and create value for both your company and your vendor(s).

3:00 pm A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
Founding Partner & Owner, Fischer Law, LLC
Associate, XPAN Law Group
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Buchanan
A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape. The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever-evolving and changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that place more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations.

3:00 pm I.A.M. What I Am: Building a Strong Identity and Access Management Program
Sr. Sales Engineer, Netskope
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Quaker
Identity and Access Management has risen from a necessary evil to the “new perimeter” as applications migrate to the cloud. Having the right people aligned to your business processes with sound technology will propel your IAM program from the back office to a business-enabling function. This presentation will guide you on how to mature your existing identity and access management program, pitfalls to avoid, and tips to get your stakeholders on board.

3:00 pm [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Hemlock
The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

3:00 pm SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
SecureWorld PLUS Registrants ONLY
CSO, Security Mentor; Former CISO, State of Michigan
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Harrisburg
Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.
Part 1: Information Security Awareness Fundamentals and War Stories
What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?
Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.
Part 3: Reinventing Your Information Security Awareness Program
So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

3:00 pm SecureWorld PLUS Part 2 - Getting Started with Digital Forensics
SecureWorld PLUS Registrants ONLY
M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Liberty
Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.

4:00 pm GuidePoint Reception
Join us for complimentary drinks and appetizers inside the venue
Registration Level: Open Sessions
4:00 pm - 6:00 pm
Location / Room: Valley Tavern Inn, Radisson Hotel in Valley Forge
Join GuidePoint and partners for a social hour after Day 1. Come discuss the day’s events, network with security peers, and enjoy beverages and hors d’oeuvres. Compliments of GuidePoint and partners.
Valley Tavern Inn, Radisson Hotel (Inside the venue)
March 18th • 4 – 7 p.m.

Thursday, April 11, 2019

7:00 am Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

8:00 am Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

8:00 am [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Hemlock
The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

8:00 am SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
SecureWorld PLUS Registrants ONLY
CSO, Security Mentor; Former CISO, State of Michigan
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Harrisburg
Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.
Part 1: Information Security Awareness Fundamentals and War Stories
What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?
Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.
Part 3: Reinventing Your Information Security Awareness Program
So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.
8:00 amSecureWorld PLUS Part 3 - Getting Started with Digital ForensicsSecureWorld PLUS Registrants ONLYM.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales UniversityRegistration Level:- SecureWorld Plus
8:00 am - 9:30 amLocation / Room: LibertyAttendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
8:30 amBlockchain and Data Protection Laws: Can They Co-Exist?Founding Partner & Owner, Fischer Law, LLCRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: Mt. DavisBlockchain and Data Protection Laws: Can they Co-Exist? With the increasing emphasis on data privacy, and the adoption of data protection regulations, Blockchain faces hurdles in complying with these regulatory obligations while allowing for the continued evolution of the technology. This presentation will discuss the ways in which Blockchain needs to take into account core privacy principles, and discuss the practical implications of various data protection regulations, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regulatory requirements.
8:30 amInsider Threat Report: Out of Sight Should Never Be out of MindHead of Research, Development, Innovation, Verizon Threat Research Advisory CenterRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: ConestogaWithin the panoply of cybersecurity incidents, insider threat activities are an exceptional challenge. These threat actors enjoy trust, privilege, and access. Add a detrimental motivation and disaster ensues. This presentation covers the Verizon “Insider Threat Report,” a compilation of data breach data, scenario, and experience-driven insights into recognizing, mitigating, and investigating insider threat activities.
8:30 amPractical Threat Hunting Techniques: Proactive Security AnalysisPartner, Information Security, DFDR ConsultingRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: BuchananThreat hunting and projecting risk is a frequent issue for administrators and security teams. Many weaknesses and vulnerabilities can’t be found with a scanner or software platform. This gap is where malicious actors live.
By leveraging open-source tools, common techniques, and technical knowledge, modern organizations can assess their technical exposures and take proactive measures to prevent attacks. From understanding how malicious parties target organizations and find weaknesses to discovering the next phishing attack before it happens by culling DNS / Registrar records, this session will show practical application of malicious tools and attacks with a technical focus.
9:30 amOPENING KEYNOTE: The Alphabet Soup DRIVING Good Data GovernanceCISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)Registration Level:- Open Sessions
9:30 am - 10:15 amLocation / Room: Keynote TheaterThe future of privacy isn’t in regulations; it is in good data hygiene. Privacy by design is slated to be replaced by “Ethics by design”: building upfront and transparent uses of data into products requires strong data governance. As more and more companies move toward digital transformation, how will your data strategy play into the success or failure of those plans? Are you ready for next gen data governance?
10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
10:15 am - 11:15 amLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 amAdvisory Council Roundtable (VIP / Invite Only)Asst. Professor, Drexel UniversityRegistration Level:- VIP / Exclusive
11:00 am - 12:00 pmLocation / Room: KeystoneThis session is for Advisory Council Members only.
11:15 amBusiness and the BeastSr. Director, Cybersecurity Risk Management & Solutions, Thermo Fisher ScientificRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: BuchananTechnology has created not just new jobs requiring new skills – it has fundamentally changed the way we work on a daily basis. However, for every company pushing the boundaries of technology, there are many more holding on to the traditional views of what a business should be and how it should operate. Cybersecurity teams are not insulated from these changes, and our industry is subject to entrenched and outdated modes of operation, as are many others. This talk is about the beasts – the myriad of changes and advancements occurring across business that are challenging the fundamental ways businesses have been operating for generations.
11:15 amEU GDPR: Enforcement Landscape, Key Security Risks, and RecommendationsPartner, Park Legal LLCRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: ConestogaThe GDPR has been in effect since May 25, 2018. Hear from a presenter who sits on a team with the EU and other data protection regulators about the number of complaints and security breach reports that various EU member states have received since the GDPR took effect, as well as enforcement under that regulation. The presenter will also discuss key triggers for enforcement, particularly in relation to IT security, and will provide recommendations to help organizations successfully address the complex GDPR and member state requirements for IT security.
11:15 am[BTB Security] You're Doing It Wrong: Get More Out of Your Penetration TestChief Information Security Advisor, BTB SecurityRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: QuakerPenTests, Red/Purple Teaming, Threat Hunting, and whatever we come up with next can all be valuable tools for identifying risks. However, they’re often misunderstood and misused, and some vendors and service providers intentionally make it worse. Why talk about technical security testing in 2019? Don’t standards exist? Yes, but by understanding where common approaches fail, you’ll get more out of your next engagement and your security partners.
11:15 am[Cequence Security] The New #1 Cyber Threat: The Relentless Evolution of Bots and the Arms Race in AI to Detect and DefendSolutions Architect, Cequence SecurityRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: Mt. DavisThis presentation will focus on the current state of Bot automation and the different attack modalities currently conducted through machine automation. Attacker tools, infrastructure, and compromised credentials will be examined as to how they were used in a real-world example of such an attack on a major retailer. From detection to mitigation, we will explore the use of Machine Learning algorithms and Artificial Intelligence as valuable countermeasures against this ever-evolving threat.
12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)Information Security Leader, JANUS Associates, Inc.Registration Level:- VIP / Exclusive
12:00 pm - 1:00 pmLocation / Room: KeystoneThis session is for Advisory Council Members only.
12:15 pmLUNCH KEYNOTE: The 7 Cybersecurity Habits of Digital DisruptorsLeader in Cybersecurity Strategy, Innovation, and EconomicsRegistration Level:- Open Sessions
12:15 pm - 1:00 pmLocation / Room: Keynote TheaterCybersecurity in the age of digital transformation is a balancing act – too much security risks heavy overhead and impedance of new initiatives, but too little security risks catastrophic breach. Mature transformers – digital disruptors – have cracked the code for cybersecurity and demonstrate 7 habits that help them protect their digital transformation initiatives.
1:15 pmPanel: Shifting Landscape of Attack VectorsRegistration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterIf one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
Panelists:
Ron Schlect, BTB Security
Eric Bucher, Cequence
Matthew Cilento, Securonix
Hassanain Kapadia, Palo Alto Networks
John Maloney, AccessIT Group
Moderator: Frank Piscitello
1:15 pmPanel: Access Control – The End of the Password?Registration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Buchanan“Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
Panelists:
Joeseph Walsh, DeSales
George Makin, Federal Reserve
Nancy Hunter
George Makin
Moderator: Bob McCosky
2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
2:15 pm - 3:00 pmLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pmDash for Prizes & CyberHuntRegistration Level:- Open Sessions
2:30 pm - 2:45 pmLocation / Room: Exhibitor FloorBe sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win
3:00 pmAn Introduction to IoT Penetration TestingProfessor of Cybersecurity, Drexel UniversityRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: ConestogaIoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The secure engineering and implementation of these devices is critical as more insecure devices come to market. As technology professionals we need to have an idea how these devices affect our organization. In this talk we will explore the basic principles of IoT PenTesting, what is in an effective toolset, reverse engineering, and analyzing popular IoT protocols with software defined radios.
3:00 pmManaging a Hack: Orchestrating Incident Response to Preserve Brand ReputationSVP and Cybersecurity Practice Lead, AffectRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: BuchananA cyber attack can be devastating – resulting in the loss of revenue, interrupted business continuity and significant damages to brand reputation and corporate morale. Incident response is no longer relegated to IT and must involve executives across the entire organization – from the board, to the marketing department, to technical teams. This session will address the critical tactics involved in communicating a cybersecurity incident to the public – focusing on the orchestration of technical, legal and communications executives. This session will be an interactive discussion on the corporate communications challenges that executives face in the wake of a breach.
3:00 pmInsider Threat Detection and ResponseDirector of Cyber Operations, BlackRockRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: Mt. DavisFrom cybercriminal recruiting for insiders on the Dark Web to nation-state operatives, insider threats are an increasing risk facing many firms today.
We will discuss the latest technologies and techniques that can be used to detect various types of insiders as well as what to do once you actually find them.
- AccessIT Group: Partner Pavilion SponsorBooth: 126
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- AppViewXBooth: 504
AppViewX is the most advanced certificate and key lifecycle automation platform. With their certificate lifecycle automation and management platform, CERT+, your enterprise can protect itself from cyber-attacks that can happen easily due to misused keys or expiring certificates. AppViewX CERT+ provides automated discovery, enrollment, monitoring, validation, expiry notification, renewal, provisioning, remediation, reporting and revocation of SSL/TLS certificates across networks including app servers, web servers, ADCs, proxies, firewalls, client and mobile devices. CERT+ helps enterprise IT manage and automate the entire lifecycle of their internal and external PKI.
- ASISBooth: TBD
ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org
- AttackIQBooth: GuidePoint Pavilion: 240
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to identify security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat Informed Defense.
- AvananBooth: GuidePoint Pavilion: 216
Avanan: Email Security—Reinvented.
Avanan catches the advanced phishing attacks that evade default and advanced security. The invisible, multi-layered solution enables full-suite protection for cloud collaboration software such as Office 365™, G-Suite™, and Slack™. Deploying in one click via API, the platform prevents Business Email Compromise and blocks phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for legacy solutions like Secure Email Gateways and Cloud Access Security Brokers with a patented solution that goes far beyond any other Cloud Email Security Supplement.
- baramundi software USA, Inc.Booth: 402
baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.
The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.
Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.
- Big Switch NetworksBooth: 102
Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM , container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.
- BitglassBooth: GuidePoint Pavilion: 212
Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.
Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.
- BitSightBooth: GuidePoint Pavilion: 242
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.
- BlackBerry CybersecurityBooth: 100
BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.
- BromiumBooth: 600
Bromium uses virtualization-based security to protect our customers. Our patented hardware-enforced containerization delivers application isolation and control stopping malware in its tracks. Unlike traditional security, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware.
- BTB SecurityBooth: 406
Merging new technologies with business goals doesn’t have to equal lapses in security. BTB works with our clients to determine their corporate objectives—and keeps the organization secure.
Our full suite of services detect, defend and defeat security breaches across the enterprise. And with the dedicated research support of RIOT Labs, we uncover truly-actionable intelligence and innovative offensive tactics that strengthen our services and propel our industry forward.
- Carbon BlackBooth: 104
Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud. Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.
- CequenceBooth: 403
Cequence Security delivers automated software solutions to protect the web, mobile, and API application services that hyper-connected organizations rely on to support business processes and customer engagements. Recognized as a 2018 Gartner Cool Vendor, we strengthen the security posture of our customers and improve the productivity and efficiency of their IT staff.
- Check Point Software TechnologiesBooth: AccessIT Pavilion: 120
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cloud Security Alliance (CSA)Booth: TBD
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- CobaltBooth: 602
Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.
- CofenseBooth: GuidePoint Pavilion: 234
Cofense® provides the world’s most effective email threat detection and remediation solutions. Cofense PhishMe® and the Cofense Phishing Detection and Response Platform (PDR), are powered by over 35 million Cofense-trained employees who report phishing and other dangerous email threats in real time. Exclusive to Cofense, our network detects and eradicates threats other email security systems miss and removes them from our customer inboxes. For more information, visit www.cofense.com or connect with Cofense on X and LinkedIn.
- Comodo CybersecurityBooth: 200
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- CRANIUMBooth: 606
CRANIUM is specialized in privacy and security solutions and services. CRANIUM builds bridges between IT, legal and business and provides profound end-to-end solutions on both tactical and operational levels. CRANIUM supports and familiarizes your organization with the compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other national and international data protection regulations. We also offer protection against cyber-attacks and possible data breaches. CRANIUM also acts as a Legal (GDPR) representative for non-EU based companies (Art. 27 of the GDPR) and we have an in-house training academy, CRANIUM Campus, accredited by IAPP.
- CrowdStrikeBooth: GuidePoint Pavilion: 230
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- <Booth: AccessIT Pavilion: 108
- DarktraceBooth: 512
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- Delta RiskBooth: 302
Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.
- DemistoBooth: 106
Demisto is the only Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation into a seamless experience. By using Demisto, security teams can build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.
- DeSales University Cyber Security ProgramBooth: 502
DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.
- EC-CouncilBooth:
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- Electronic Crimes Task ForceBooth:
The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.
- ExtraHopBooth: GuidePoint Pavilion: 236
ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com
- F5Booth: AccessIT Pavilion: 114
F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.
- ForeScout Technologies, Inc.Booth: AccessIT Pavilion: 112
ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.
- GemaltoBooth: GuidePoint Pavilion: 238
Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.
- GigamonBooth: AccessIT Pavilion: 118
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- Gigamon Booth: GuidePoint Pavilion: 218
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- Global Cyber Alliance Booth: TBD
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- GuidePoint Security LLC Booth: 246
GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com
- HTCIA Delaware Valley Chapter Booth:
The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.
By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.
- Imperva Booth: GuidePoint Pavilion: 210
Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.
- InfoSec-Conferences.com Booth: n/a
We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.
- Philadelphia InfraGard Members Alliance Booth:
InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.
- IntSights Booth: GuidePoint Pavilion: 224
IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.
- ISACA Philadelphia Booth:
The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.
- ISC2 Booth: TBD
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- ISSA Delaware Valley Booth:
Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”
- Ixia, a Keysight Business Booth: 400
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Jazz Networks Booth: 202
Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing it to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.
- Lastline Booth: 500
Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.
- Mimecast Booth: 506
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- Okta Booth: AccessIT Pavilion: 110
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- Okta Booth: GuidePoint Pavilion: 206
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- Optiv Booth: 300
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- OWASP Booth:
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- PACT Booth:
Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.
- Rapid7 Booth: 228
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- RedSeal Booth: GuidePoint Pavilion: 208
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- SecureAuth Booth: GuidePoint Pavilion: 222
SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogeneous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.
- SecurityScorecard Booth: GuidePoint Pavilion: 226
SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.
- Securonix Booth: GuidePoint Pavilion: 232
Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.
- Sonatype Booth: 604
Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.
- Splunk Booth: GuidePoint Pavilion: 220
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- Symantec Booth: AccessIT Pavilion: 116
Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.
- TechTarget Booth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Tenable Booth: 301
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- Thycotic Booth: GuidePoint Pavilion: 204
Thycotic empowers more than 10,000 organizations around the globe, from small businesses to the Fortune 500, to protect privileged accounts. We make enterprise-level privilege management accessible for everyone by eliminating dependency on complex security tools and prioritizing productivity, flexibility and control. You’ll achieve more with Thycotic – even in your first 30 days – than with any other privilege security tool.
- Trend Micro Booth: 408
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Varonis Booth: GuidePoint Pavilion: 244
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- Venafi Booth: GuidePoint Pavilion: 214
Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.
For more information, visit: www.venafi.com.
- Zix Corp Booth: GuidePoint Pavilion: 224
Zix Corporation is a security technology company that provides email encryption services, email data loss prevention (DLP) and mobile applications designed to address the bring your own device (BYOD) corporate technology trend. Headquartered in Dallas, Texas, the company serves customers that include divisions of the U.S. Treasury, federal financial regulators, health insurance providers and hospitals, and financial companies. As of December 2011, the company has served over thirty Blue Cross Blue Shield organizations, 1,200 hospitals, 1,600 banks, credit unions and associations. Federal Financial Institutions Examination Council (FFIEC) regulators are also customers of the company. CIPROMS signed a three-year renewal with the company in 2014.
- Pete Lindstrom, Instructor, Leader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Dan Lohrmann, CSO, Security Mentor; Former CISO, State of Michigan
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.
He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.
Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.
Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."
Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.
- Moderator: Joe Walsh, M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
- Vince Fitzpatrick, Director of Information Security, ChristianaCare
Vince Fitzpatrick is a 20-year information security professional in the fields of healthcare and finance. Currently, he is the Director of Information Security at Christiana Care Health System (CCHS), one of the largest healthcare providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD, and NJ.
- Bryan Bechard, CISO, Flagship Credit Acceptance
Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.
- Rosemary Christian, DevSecOps Engineering Coach, Comcast
Rosemary Christian is Co-President for WiCyS Critical Infrastructure and a Board Member for WiCyS Delaware Valley. She has demonstrated passion, knowledge and proven ability to engage others in the emerging market needs for cybersecurity initiatives. She leverages her experience, communications skills and interpersonal savvy across all levels to facilitate multiple security control systems, encryption and authentication protocols. She has a deep understanding of the importance of protection and maintenance of information and data security protocols in collaborative team environments. At Comcast as a DevSecOps Transformation Coach she fosters continuous improvement and sustained adoption of Secure Development Lifecycle practices.
- Charles Sgrillo, Professor of Cybersecurity, Drexel University
Charles Sgrillo is an adjunct professor of cybersecurity at Drexel University, teaching on topics such as IT Auditing, Cybersecurity, Penetration Testing, and Computer Forensics. During his time as a principal consultant, Charles has worked with over 50 businesses to implement the NIST Cybersecurity Framework. Along with teaching at Drexel University, Charles is a Red Team Analyst for The Vanguard Group.
- Joshua Marpet, Data Protection Advisory Council
- Hazel Cerra, Assistant to the Special Agent in Charge, United States Secret Service
Assistant to the Special Agent in Charge (ATSAIC) Hazel Cerra is a twenty-two year veteran with the United States Secret Service. ATSAIC Cerra was assigned to the Former President William Clinton Protective Detail in Chappaqua, NY, where she spent four years traveling around the world in support of the Clinton Global Initiative (CGI).
ATSAIC Cerra serves as a supervisor in the Philadelphia Field Office, Financial Crimes Squad, where she is responsible for leading a team of Special Agents in the latest trends in cyber fraud investigations.
She earned a Bachelor of Science in Criminal Justice from New Jersey City University and she has also earned her MBA in Finance from Johns Hopkins University.
Lastly, ATSAIC Cerra volunteers her time coaching a CyberPatriot team in the Civil Air Patrol, where she is also the Aerospace Education Officer.
- Cheryl Carmel, Moderator, Owner, Carmel Consulting LLC
Ms. Carmel is a member of (ISC)2 where she holds her CISSP, and IAPP where she holds her CIPT. She is a member of InfraGard and has been on the Advisory Council for SecureWorld for many years.
Ms. Carmel began her career in technology with experience in application development, infrastructure operations, technical support, and teaching. She pivoted to focus on security in 1999. Her most recent role was VP of Security, Privacy, and Compliance at OnSolve where she was responsible for maturing the program to successfully implement security controls to meet the rigors of FedRAMP, while maintaining the controls for ISO 27001, HIPAA, and privacy laws. Before that, she was the BISO at FIS (SunGard Financial Systems).
- Bryan Orme, Principal & Partner, GuidePoint Security
Bryan Orme leads the Information Assurance consulting organization, which includes Application Security, Cloud Security, Governance, Risk, and Compliance Services, Threat and Attack Simulation, Incident Response and Forensics. Additionally, Bryan leads the internal IT and Information Security teams as well as the Project Management Office and Services Operations. Bryan also serves on the Board of Directors of deepwatch, a Managed Security Services Provider. Since 2001, his primary focus has been on designing and implementing comprehensive Information Security programs and assisting clients with building business-aligned Information Security programs to mitigate risks associated with today’s increasingly sophisticated array of threats. Bryan has extensive backgrounds in multiple disciplines within Information Security, including Security Program Strategy, Application Security, Penetration Testing, PCI DSS, Incident Response and Forensics, and Vendor Management. Prior to joining GuidePoint, Bryan was the Director of Information Security for Capital One. His accomplishments there included building and leading the Application Security, Vendor Management, and PCI DSS Programs. He is a frequent speaker at industry conferences including OWASP, SecureWorld, HP Protect, ISSA, ISACA, and HIMSS on a wide array of Information Security topics. Bryan also served as a member of multiple Special Interest Groups of the PCI Security Standards Council. He earned a Bachelor’s degree from James Madison University and an MBA from the Robert H. Smith School of Business at the University of Maryland. Bryan holds QSA, CISSP, and CISM certifications.
- Axel Peters, Executive Sales Manager, baramundi Software USA Inc.
Axel holds his degree in IT Management and has advised more than 300 small businesses and global enterprises in Europe and the U.S. on tools and strategies to keep technology infrastructure up-to-date, safe, and efficient. Now continuing that role at the baramundi U.S. headquarters in Framingham, MA, Axel is actively helping IT departments address today's practical and cost challenges in endpoint management.
- Tim Miller, Lead Cybersecurity Consultant, Trend Micro
Tim has over 10 years’ experience in Information Security and 33 years working with computer technology. He started his career with the Apple IIe in his first computer class, through achieving his master’s degree in Network Communications Management. Tim has been with Trend Micro for three years, and his experience in Information Security includes Endpoint Protection, CEH (Certified Ethical Hacker), risk assessments, Endpoint Detection and Response, IDS/IPS, malware prevention, and teaching others about threats.
- Vana Khurana, Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.
- Louise O’Donnell, Sr. Information Technology Manager, TD Ameritrade
- Anahi Santiago, CISO, ChristianaCare Health System
Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.
- Gustavo Coronel, Sr. Cloud Security Architect, Check Point Software Technologies
Gustavo (Gus) Coronel is a Senior Cloud Security Architect with Check Point Software Technologies and has been involved with network security for over 25 years. His first foray into network security was serving as the first Firewall Administrator at the US Department of Transportation in 1994. Intrusion Detection, Vulnerability Assessments, Protocol Analysis, Incident Response, Forensics, and Secure Network Design projects quickly followed. He joined Check Point’s Federal Group in 2009 and has been securing public cloud deployments full time since 2015.
- Tariq Shaikh, IT Program Manager, Aetna
Tariq Shaikh leads the Privileged Access Management practice for Aetna as part of their Global Security team. Tariq has more than 20 years of technology experience and is a certified project manager and information systems security professional. Tariq is an SME in the Privileged Access Management space and has spoken extensively about it at industry conferences. He also leads a security academy for Aetna that aims to educate participants about cyber security and protect and advance the profession.
- Bernie McGuinness, IT Risk Lead, Campbell Soup Company
Bernie is a cybersecurity professional with over 20 years’ experience, both hands-on and in regulatory compliance of multiple complex systems within the Department of Defense and the commercial space. He provides in-depth knowledge on Third-Party Risk Management, Information Security, Assurance, Audit, and IT Operations within industry. Holder of a CISSP, CRISC, and CTPRP.
- Jordan Fischer, Instructor, Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Antonia Dumas, Associate, XPAN Law Group
Antonia M. Dumas is an associate at XPAN Law Group, a certified Women’s Business Enterprise (“WBE”) and Women Owned Small Business (“WOSB”). At XPAN, Antonia works with clients to create proactive, streamlined, and global approaches to cybersecurity and data privacy. She performs audits, assessments and gap analysis of a client’s existing contractual and technological infrastructure. Domestically, she conducts cyber-regulatory compliance assessments, including HIPAA and state-specific regulations. She assists in the implementation of cyber best practices, including drafting cybersecurity policies and procedures. She also helps conduct international privacy compliance assessments under the European Union General Data Protection Regulation (“GDPR”). Antonia has experience in a variety of different sectors through which she has gained an insight into potential cybersecurity and data privacy vulnerabilities. Additionally, she contributes a unique global perspective from living, studying, and working abroad in Spain for several years.
- Jim Menkevich, Sr. Sales Engineer, Netskope
Jim Menkevich is an Information Security, Privacy, and Risk Management professional with 19+ years of experience. Through his career, he has led teams in Cybersecurity, Enterprise Architecture, Systems Integration, and Application Development. Jim specializes in applying methodologies, frameworks, and ideas outside of the intended domain, which generates new and fresh angles to address industry challenges. When he’s not working, Jim enjoys writing poetry, running, and spending time with his family. Jim served previously as the Director of Data Protection and Security Governance at Health Partners Plans in Philadelphia.
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Dan Lohrmann, CSO, Security Mentor; Former CISO, State of Michigan
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.
He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.
Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.
Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."
Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.
- Moderator: Joe Walsh, M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
- Happy Hour
- John Grim, Head of Research, Development, Innovation, Verizon Threat Research Advisory Center
John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.
- Ken Pyle, Partner, Information Security, DFDR Consulting
Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance, and exploit development. Ken has published exploit research and vulnerabilities for a large number of companies, including Dell, Cisco, Sonicwall, Sage Software, and DATTO. Ken’s academic work includes social engineering research, election interference, application of sociology and psychological factors to phishing campaigns, and technical work on next generation attacks.
- Dawn-Marie Hutchinson, CISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)
Dawn-Marie Hutchinson brings more than 15 years of enterprise information technology experience to her role as CISO of GSK. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.
While serving on the HITRUST working group for Data De-Identification, Hutchinson established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations.
Prior to joining GSK, Hutchinson was the CSO at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in IT also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross, Protiviti, and Optiv.
Hutchinson currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award, and holds accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA), and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master’s of Business Administration graduate of the Saint Joseph’s University Haub School of Business.
- Robert McKosky, Asst. Professor, Drexel University
Dr. Robert McKosky served as the Director of Information Security at MBNA America and was the Technical Program Director for the Network Infrastructure Laboratory at GTE. He has organized and participated in various simulated attacks (Tiger Teams) to identify weaknesses in security systems. Mac has consulted to the CTIA, NSA, Secret Service, FBI, CIA, Scotland Yard, the Royal Canadian Mounted Police, and various state and local law enforcement organizations. Mac is a Certified Secure Software Lifecycle Professional (CSSLP) and a Certified Information System Security Professional (CISSP) and was one of the authors of the original certification exam.
- Bryan Inagaki, Sr. Director, Cybersecurity Risk Management & Solutions, Thermo Fisher Scientific
Bryan's path to information security was anything but direct, and he took a few detours in the worlds of small business, federal law enforcement and financial services before finding himself fully entrenched in the industry. As a physical security professional first and an information security professional second, Bryan enjoys the challenge of mixing the real with the intangible and taking lessons learned from time spent in critical threat areas to make his teams more effective and efficient.
- Joan Antokol, Partner, Park Legal LLC
Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.
- Matt Wilson, Chief Information Security Advisor, BTB Security
Matt Wilson is the Chief Information Security Advisor for BTB, based in southeastern Pennsylvania. Matt has spent his entire career in IT and has over 14 years of experience within Information Security. Throughout his career, Matt has fostered the development of assessment methodologies, toolsets, and techniques for the delivery of security assessments, penetration testing, application assessments, compliance assessments, security awareness trainings, and policy review and development. More recently, Matt has been actively engaged in the continued maturation of BTB’s CISO Advisory Practice and RADAR Managed Detection & Response service.
- Eric Bucher, Solutions Architect, Cequence Security
Eric Bucher has over 15 years of experience in the security industry with a technical concentration in financial fraud, advanced persistent threats, forensics, exfiltration, DLP, and overall attack surfaces.
- Pete Lindstrom, Instructor, Leader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Charles Sgrillo, Professor of Cybersecurity, Drexel University
Charles Sgrillo is an adjunct professor of cybersecurity at Drexel University, teaching on topics such as IT Auditing, Cybersecurity, Penetration Testing, and Computer Forensics. During his time as a principal consultant, Charles has worked with over 50 businesses to implement the NIST Cybersecurity Framework. Along with teaching at Drexel University, Charles is a Red Team Analyst for The Vanguard Group.
- Katie Creaser, SVP and Cybersecurity Practice Lead, Affect
Katie is a Sr. Vice President, Cybersecurity Lead at Affect, where she provides counsel to clients that are looking to bring PR and social media into their communications program as part of a thoughtful, holistic strategy. Katie is passionate about helping brands of all shapes and sizes find unique and creative ways to tell their story. She works closely with Affect’s technology and healthcare clients to ensure that their value resonates with customers by creating compelling content for every medium.
Katie has managed public relations campaigns across a diverse range of industries including mobile device management, network and data security, application delivery, enterprise software and IT infrastructure. Katie also spearheads Affect’s social media practice – and has developed social media campaigns for Omni Hotels & Resorts, Caron Treatment Centers and Regus. She has managed programs that have earned accolades from PRSA, the SABRE awards and BtoB Magazine.
Prior to joining Affect, Katie served as assistant program manager for the Capital Roundtable, an event production company for the private equity, investment banking, venture capital, legal, hedge fund and professional advisory communities in New York City. She started her career at KPR, a pharmaceutical advertising agency and part of the Omnicom network – where she supported the Janssen Pharmaceuticals, Forest Laboratories and Merck accounts. Katie holds a BA in Public Relations from Marist College.
- Jay Robinson, Director of Cyber Operations, BlackRock
BlackRock's Cyber Operations team manages the global 24x7 operations center responsible for cyber monitoring, incident response, cyber intelligence, cyber forensics, and vulnerability management.