Conference Agenda
  • Wednesday, April 10, 2019
    7:00 am
    Registration open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Keystone

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Hemlock

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    Earn 16 CPEs With This in-Depth 3-Part Course
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Harrisburg

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A, as well as several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 1 - Getting Started with Digital Forensics
    Earn 16 CPEs in this in-depth 3-part course
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Liberty
    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
    8:30 am
    Cyber Risk With a Smile
    Director of Information Security, ChristianaCare
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Mt. Davis

    Christiana Care Health System (CCHS) is one of the largest health care providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD and NJ. This presentation will provide an overview regarding how CCHS implements a successful cyber risk program.

    8:30 am
    Social Engineering Your Way to More Security Budget
    CISO, Flagship Credit Acceptance
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Conestoga

    Information security has always taken attacker technologies and re-purposed them to use as security tools. We can learn from what attackers have been able to do with psychology and use it to further security within our organizations.

    8:30 am
    Panel: Get Connected, Re-Connect, and Stay Connected
    President, Delaware Valley Chapter, Cloud Security Alliance
    DevSecOps Engineering Coach, Comcast
    Professor of Cybersecurity, Drexel University
    Data Protection Advisory Council
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: Buchanan

    Enjoy the refreshments while having a discussion with Rob Wilner of Cloud Security Alliance – Delaware Valley Chapter, Rosemary Christian of Philadelphia Women and Cyber Security, Charles Sgrillo of Security Shell, and Joshua Marpet of Data Protection Advisory Council about what each of their respective organizations has done for you lately. At the same time, they would like to learn about new ideas and improvements from you, their constituents! Other members of each organization will also be present to answer questions and connect with you.

    9:30 am
    OPENING KEYNOTE: The U.S. Secret Service Response to the Cyber Threat
    Assistant to the Special Agent in Charge, United States Secret Service
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    Learn how the United States Secret Service responds to the emerging cyber threat, from romance schemes and network intrusions to financial fraud and much more. We will examine scenarios in which you should call law enforcement and help you understand how we will respond.
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Chief Information Security Leader, Independence Blue Cross
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    11:15 am
    A Security Professional's Experience as a Juror in the Bill Cosby Trial
    Owner, Carmel Consulting LLC
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Keynote Theater

    Physical security is a critical element of any trial. From their selection through their return home, the personal safety of jurors is a top consideration. The stakes grow even higher in a high-profile case with a sequestered jury whose verdict stays in the spotlight far longer than your average trial.

    This session is a personal account from the foreperson in the trial against Bill Cosby, a trial that was watched around the world and commanded intense media attention. Cheryl Carmel, who also happens to have years of experience in the security industry, will discuss her experience serving on the jury and its effect on her sense of security and privacy. As a Vice President of Security, Cheryl has studied and experienced security as both a provider and receiver. Join her for her unique perspective on both sides of the issue.

    11:15 am
    [GuidePoint Security] Principles of an Effective Cloud Security Strategy
    Principal & Partner, GuidePoint Security
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Hemlock

    With public cloud continuing to rapidly expand through the release of new services, deployment models, and architectures, information security organizations continue to find themselves looking for effective cloud security controls. GuidePoint’s Cloud Security Practice Director will describe how organizations have identified cloud security controls, designed frameworks and maturity models, and implemented effective strategies based on real-world experience and leadership.

    11:15 am
    [baramundi] Innovative Endpoint Management
    A Holistic Approach to Vulnerability Management, Patching, OS-Upgrades and Software Distribution
    Executive Sales Manager, baramundi Software USA Inc.
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Quaker

    Zero Day Vulnerability, Windows Feature Updates, Office 365 Migration: Are any of these topics causing you to lose sleep? This seminar will show you how you can automate OS-migrations, software deployment projects, and patch management all from one easy to use Endpoint Management Suite.

    11:15 am
    [Trend Micro] EDR, MDR, and Mitre Att&ck, Oh My!
    Lead Cybersecurity Consultant, Trend Micro
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Conestoga

    Today’s advanced threats are designed to bypass traditional cybersecurity defenses and compromise sensitive corporate data. Technologies such as EDR and MDR, paired with the Mitre Att&ck knowledge base, allow organizations to go beyond traditional anti-malware testing and never fall a step behind evolving threat actors. Join us for a high-level beginner talk that will be hosted by Tim Miller, Sales Engineer at Trend Micro.

    11:15 am
    It Is Cloudy Out There!
    Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Mt. Davis

    Has your organization already moved to public cloud, or is it considering it? If so, you need to attend this talk to understand how it’s different than on-prem security. You need to know what assets, users, and data you have in the cloud. You also need to pay attention to what controls are missing in the cloud. This presentation will walk through some of the issues and tips for cloud security.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Sr. Information Technology Manager, TD Ameritrade
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    12:15 pm
    LUNCH KEYNOTE — Securing the Human: Threat Landscape in the Healthcare Industry
    CISO, ChristianaCare Health System
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    This presentation will provide an overview of the current threat landscape in the industry and:

    • Identify motivators for targeting the industry
    • The role of consumerism and the shift in risk
    • Why information security is not a technology issue but a patient safety issue
    • The challenges in securing the human versus securing the data center

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Scott Register, Ixia
    John McClurg, Cylance
    Mike Rogers, Symantec
    Tim Miller, Trend Micro
    Moderator: Dan Reither

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Buchanan

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.
    Panelists:
    John DiLullo, Lastline
    Gus Coronel, Check Point
    Pete Molett, AccessIT Group
    Dwayne Wenger, Big Switch
    Mike Piscopo, Delta Risk
    Moderator: Anahi Santiago

    1:15 pm
    [Check Point] A Security Blueprint for Public Cloud
    Sr. Cloud Security Architect, Check Point Software Technologies
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Conestoga
    Cloud has a surprising number of attack vectors. This presentation will provide practical examples for identifying and securing public cloud deployments in order to maximize protection and reduce overall labor and cost.

     

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Implementing a Successful Privileged Access Management Program - Lessons Learned
    IT Program Manager, Aetna
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Mt. Davis

    Exploitation of privileged access is the #1 root cause of most large scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access management program can considerably mitigate the intentional/unintentional misuse of privileged access at all levels in the IT Stack (Host, Database, Network, Applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management Program.

    3:00 pm
    Third-Party Vendor Risk Management, Lessons Learned, and Best Practices
    IT Risk Lead, Campbell Soup Company
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Conestoga

    Modern business today relies on third parties to reduce overhead and cost. This can include the transfer of critical data, which sometimes includes “Crown Jewels.” How a business evaluates these vendors should be built into the procurement process, but should also take into account how the vendor responds to these requests—and not just from you, but from every other company they are hosting, processing, and transferring data for.

    Learn how you can streamline the process and create value for both your company and your vendor(s).

    3:00 pm
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    Founding Partner & Owner, Fischer Law, LLC
    Associate, XPAN Law Group
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Buchanan

    The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of ever-evolving and changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that place more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations.

    3:00 pm
    I.A.M. What I Am: Building a Strong Identity and Access Management Program
    Sr. Sales Engineer, Netskope
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Quaker

    Identity and Access Management has risen from a necessary evil to the “new perimeter” as applications migrate to the cloud. Having the right people aligned to your business processes with sound technology will propel your IAM program from the back office to business enabling function. This presentation will guide you on how to mature your existing identity and access management program, pitfalls to avoid, and tips to get your stakeholders on board.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Hemlock

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Harrisburg

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A, as well as several successful toolkits are covered.

    3:00 pm
    SecureWorld PLUS Part 2 - Getting Started with Digital Forensics
    SecureWorld PLUS Registrants ONLY
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Liberty
    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
    4:00 pm
    GuidePoint Reception
    Join us for complimentary drinks and appetizers inside the venue
    Registration Level: Open Sessions
    4:00 pm - 6:00 pm
    Location / Room: Valley Tavern Inn, Radisson Hotel in Valley Forge

    Join GuidePoint and partners for a social hour after Day 1. Come discuss the day’s events, network with security peers, and enjoy beverages and hors d’oeuvres. Compliments of GuidePoint and partners.

    Valley Tavern Inn, Radisson Hotel
    (Inside the venue)
    March 18th  • 4 – 7 p.m.
  • Thursday, April 11, 2019
    7:00 am
    Registration open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Hemlock

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Harrisburg

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 3 - Getting Started with Digital Forensics
    SecureWorld PLUS Registrants ONLY
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Liberty

    Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.

    8:30 am
    Blockchain and Data Protection Laws: Can They Co-Exist?
    Founding Partner & Owner, Fischer Law, LLC
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Mt. Davis
    With the increasing emphasis on data privacy, and the adoption of data protection regulations, Blockchain faces hurdles in complying with these regulatory obligations while allowing for the continued evolution of the technology. This presentation will discuss the ways in which Blockchain needs to take into account core privacy principles, and discuss the practical implications of various data protection regulations, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regulatory requirements.
    8:30 am
    Insider Threat Report: Out of Sight Should Never Be out of Mind
    Head of Research, Development, Innovation, Verizon Threat Research Advisory Center
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Conestoga
    Within the panoply of cybersecurity incidents, insider threat activities are an exceptional challenge. These threat actors enjoy trust, privilege, and access. Add a detrimental motivation and disaster ensues. This presentation covers the Verizon “Insider Threat Report,” a compilation of data breach data, scenario, and experience-driven insights into recognizing, mitigating, and investigating insider threat activities.

     

    8:30 am
    Practical Threat Hunting Techniques: Proactive Security Analysis
    Partner, Information Security, DFDR Consulting
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Buchanan

    Threat hunting and projecting risk is a frequent issue for administrators and security teams. Many weaknesses and vulnerabilities can’t be found with a scanner or software platform. This gap is where malicious actors live.

    By leveraging open-source tools, common techniques, and technical knowledge, modern organizations can assess their technical exposures and take proactive measures to prevent attacks. From understanding how malicious parties target organizations and find weaknesses to discovering the next phishing attack before it happens by culling DNS / Registrar records, this session will show practical application of malicious tools and attacks with a technical focus.

    9:30 am
    OPENING KEYNOTE: The Alphabet Soup DRIVING Good Data Governance
    CISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The future of privacy isn’t in regulations; it is in good data hygiene. Privacy by design is slated to be replaced by “Ethics by design.” Building upfront and transparent uses of data into products requires strong data governance. As more and more companies move toward digital transformation, how will your data strategy play into the success or failure of those plans? Are you ready for next-gen data governance?

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Asst. Professor, Drexel University
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    11:15 am
    Business and the Beast
    Sr. Director, Cybersecurity Risk Management & Solutions, Thermo Fisher Scientific
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Buchanan
    Technology has created not just new jobs requiring new skills – it has fundamentally changed the way we work on a daily basis. However, for every company pushing the boundaries of technology, there are many more holding on to the traditional views of what a business should be and how it should operate. Cybersecurity teams are not insulated from these changes, and our industry is subject to entrenched and outdated modes of operation, as are many others. This talk is about the beasts – the myriad of changes and advancements occurring across business that are challenging the fundamental ways businesses have been operating for generations.
    11:15 am
    EU GDPR: Enforcement Landscape, Key Security Risks, and Recommendations
    Partner, Park Legal LLC
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Conestoga
    The GDPR has been in effect since May 25, 2018. Hear from a presenter who sits on a team with the EU and other data protection regulators about the number of complaints and security breach reports that various EU member states have received since the GDPR took effect, as well as enforcement under that regulation. The presenter will also discuss key triggers for enforcement, particularly in relation to IT security, and will provide recommendations to help organizations successfully address the complex GDPR and member state requirements for IT security.
    11:15 am
    [BTB Security] You're Doing It Wrong: Get More Out of Your Penetration Test
    Chief Information Security Advisor, BTB Security
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Quaker

    PenTests, Red/Purple Teaming, Threat Hunting, and whatever we come up with next can all be valuable tools for identifying risks. However, they’re often misunderstood and misused, and some vendors and service providers intentionally make it worse. Why talk about technical security testing in 2019? Don’t standards exist? Yes, but by understanding where common approaches fail, you’ll get more out of your next engagement and your security partners.

    11:15 am
    [Cequence Security] The New #1 Cyber Threat: The Relentless Evolution of Bots and the Arms Race in AI to Detect and Defend
    Solutions Architect, Cequence Security
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Mt. Davis
    This presentation will focus on the current state of Bot automation and the different attack modalities currently conducted through machine automation. Attacker tools, infrastructure, and compromised credentials will be examined as to how they were used in a real-world example of such an attack on a major retailer. From detection to mitigation, we will explore the use of Machine Learning algorithms and Artificial Intelligence as valuable countermeasures against this ever-evolving threat.
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Information Security Leader, JANUS Associates, Inc.
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Keystone

    This session is for Advisory Council Members only.

    12:15 pm
    LUNCH KEYNOTE: The 7 Cybersecurity Habits of Digital Disruptors
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Cybersecurity in the age of digital transformation is a balancing act – too much security risks heavy overhead and impedance of new initiatives, but too little security risks catastrophic breach. Mature transformers – digital disruptors – have cracked the code for cybersecurity and demonstrate 7 habits that help them protect their digital transformation initiatives.
    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Ron Schlect, BTB Security
    Eric Bucher, Cequence
    Matthew Cilento, Securonix
    Hassanain Kapadia, Palo Alto Networks
    John Maloney, AccessIT Group
    Moderator: Frank Piscitello

    1:15 pm
    Panel: Access Control – The End of the Password?
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Buchanan

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
    Panelists:
    Joseph Walsh, DeSales
    George Makin, Federal Reserve
    Nancy Hunter
    George Makin
    Moderator: Bob McCosky

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level: Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    An Introduction to IoT Penetration Testing
    Professor of Cybersecurity, Drexel University
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Conestoga

    IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The secure engineering and implementation of these devices is critical as more insecure devices come to market. As technology professionals, we need to have an idea how these devices affect our organization. In this talk we will explore the basic principles of IoT PenTesting, what is in an effective toolset, reverse engineering, and analyzing popular IoT protocols with software-defined radios.

    3:00 pm
    Managing a Hack: Orchestrating Incident Response to Preserve Brand Reputation
    SVP and Cybersecurity Practice Lead, Affect
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Buchanan
    A cyber attack can be devastating – resulting in the loss of revenue, interrupted business continuity and significant damage to brand reputation and corporate morale. Incident response is no longer relegated to IT and must involve executives across the entire organization – from the board, to the marketing department, to technical teams.

    This session will address the critical tactics involved in communicating a cybersecurity incident to the public – focusing on the orchestration of technical, legal and communications executives. This session will be an interactive discussion on the corporate communications challenges that executives face in the wake of a breach.

    3:00 pm
    Insider Threat Detection and Response
    Director of Cyber Operations, BlackRock
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Mt. Davis

    From cybercriminals recruiting for insiders on the Dark Web to nation-state operatives, insider threats are an increasing risk facing many firms today.
    We will discuss the latest technologies and techniques that can be used to detect various types of insiders as well as what to do once you actually find them.

Exhibitors
  • AccessIT Group: Partner Pavilion Sponsor
    Booth: 126

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts delivers customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real-life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • AppViewX
    Booth: 504

    AppViewX is the most advanced certificate and key lifecycle automation platform. With their certificate lifecycle automation and management platform, CERT+, your enterprise can protect itself from cyber-attacks that can happen easily due to misused keys or expiring certificates. AppViewX CERT+ provides automated discovery, enrollment, monitoring, validation, expiry notification, renewal, provisioning, remediation, reporting and revocation of SSL/TLS certificates across networks including app servers, web servers, ADCs, proxies, firewalls, client and mobile devices. CERT+ helps enterprise IT manage and automate the entire lifecycle of their internal and external PKI.

  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • AttackIQ
    Booth: GuidePoint Pavilion: 240

    AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to identify security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat Informed Defense.

  • Avanan
    Booth: GuidePoint Pavilion: 216

    Avanan: Email Security—Reinvented.

    Avanan catches the advanced phishing attacks that evade default and advanced security. The invisible, multi-layered solution enables full-suite protection for cloud collaboration software such as Office 365™, G-Suite™, and Slack™. Deploying in one click via API, the platform prevents Business Email Compromise and blocks phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for legacy solutions like Secure Email Gateways and Cloud Access Security Brokers with a patented solution that goes far beyond any other Cloud Email Security Supplement.

  • baramundi software USA, Inc.
    Booth: 402

    baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

    The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.

    Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.

  • Big Switch Networks
    Booth: 102

    Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM, container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.

  • Bitglass
    Booth: GuidePoint Pavilion: 212

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • BitSight
    Booth: GuidePoint Pavilion: 242

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • BlackBerry Cybersecurity
    Booth: 100

    BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.

  • Bromium
    Booth: 600

    Bromium uses virtualization-based security to protect our customers. Our patented hardware-enforced containerization delivers application isolation and control stopping malware in its tracks. Unlike traditional security, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware.

  • BTB Security
    Booth: 406

    Merging new technologies with business goals doesn’t have to equal lapses in security. BTB works with our clients to determine their corporate objectives—and keeps the organization secure.

    Our full suite of services detects, defends against, and defeats security breaches across the enterprise. And with the dedicated research support of RIOT Labs, we uncover truly actionable intelligence and innovative offensive tactics that strengthen our services and propel our industry forward.

  • Carbon Black
    Booth: 104

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud

    Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

     

  • Cequence
    Booth: 403

    Cequence Security delivers automated software solutions to protect the web, mobile, and API application services that hyper-connected organizations rely on to support business processes and customer engagements. Recognized as a 2018 Gartner Cool Vendor, we strengthen the security posture of our customers and improve the productivity and efficiency of their IT staff.

  • Check Point Software Technologies
    Booth: AccessIT Pavilion: 120

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cloud Security Alliance (CSA)
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt
    Booth: 602

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • Cofense
    Booth: GuidePoint Pavilion: 234

    Cofense® provides the world’s most effective email threat detection and remediation solutions. Cofense PhishMe® and the Cofense Phishing Detection and Response Platform (PDR), are powered by over 35 million Cofense-trained employees who report phishing and other dangerous email threats in real time. Exclusive to Cofense, our network detects and eradicates threats other email security systems miss and removes them from our customer inboxes. For more information, visit www.cofense.com or connect with Cofense on X and LinkedIn.

  • Comodo Cybersecurity
    Booth: 200

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CRANIUM
    Booth: 606

    CRANIUM specializes in privacy and security solutions and services. CRANIUM builds bridges between IT, legal and business and provides profound end-to-end solutions on both tactical and operational levels. CRANIUM supports your organization in complying with, and becoming familiar with, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other national and international data protection regulations. We also offer protection against cyber-attacks and possible data breaches. CRANIUM also acts as a Legal (GDPR) representative for non-EU based companies (Art. 27 of the GDPR) and we have an in-house training academy, CRANIUM Campus, accredited by IAPP.

  • CrowdStrike
    Booth: GuidePoint Pavilion: 230

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • Booth: AccessIT Pavilion: 108
  • Darktrace
    Booth: 512

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • Delta Risk
    Booth: 302

    Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.

  • Demisto
    Booth: 106

    Demisto is the only Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation into a seamless experience. By using Demisto, security teams can build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.

  • DeSales University Cyber Security Program
    Booth: 502

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Electronic Crimes Task Force
    Booth:

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • ExtraHop
    Booth: GuidePoint Pavilion: 236

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com.

  • F5
    Booth: AccessIT Pavilion: 114

    F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.

  • ForeScout Technologies, Inc.
    Booth: AccessIT Pavilion: 112

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • Gemalto
    Booth: GuidePoint Pavilion: 238

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • Gigamon
    Booth: AccessIT Pavilion: 118

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Gigamon
    Booth: GuidePoint Pavilion: 218

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 246

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Delaware Valley Chapter
    Booth:

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • Imperva
    Booth: GuidePoint Pavilion: 210

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • InfoSec-Conferences.com
    Booth: n/a

    We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.

  • Philadelphia InfraGard Members Alliance
    Booth:

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • IntSights
    Booth: GuidePoint Pavilion: 224

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • ISACA Philadelphia
    Booth:

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • ISC2
    Booth: TBD

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISSA Delaware Valley
    Booth:

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • Ixia, a Keysight Business
    Booth: 400

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: 202

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata from endpoints and servers before it’s encrypted, with machine learning analyzing it to identify changes in behavioral patterns. Alarms are raised for events that require attention, and response time is swift with native platform actions.

  • Lastline
    Booth: 500

    Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.

  • Mimecast
    Booth: 506

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Okta
    Booth: AccessIT Pavilion: 110

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Okta
    Booth: GuidePoint Pavilion: 206

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Optiv
    Booth: 300

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • OWASP
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Rapid7
    Booth: 228

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RedSeal
    Booth: GuidePoint Pavilion: 208

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • SecureAuth
    Booth: GuidePoint Pavilion: 222

    SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogeneous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.

  • SecurityScorecard
    Booth: GuidePoint Pavilion: 226

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Securonix
    Booth: GuidePoint Pavilion: 232

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • Sonatype
    Booth: 604

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.

  • Splunk
    Booth: GuidePoint Pavilion: 220

    Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.

  • Symantec
    Booth: AccessIT Pavilion: 116

    Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 301

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Thycotic
    Booth: GuidePoint Pavilion: 204

    Thycotic empowers more than 10,000 organizations around the globe, from small businesses to the Fortune 500, to protect privileged accounts. We make enterprise-level privilege management accessible for everyone by eliminating dependency on complex security tools and prioritizing productivity, flexibility and control. You’ll achieve more with Thycotic – even in your first 30 days – than with any other privilege security tool.

  • Trend Micro
    Booth: 408

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Varonis
    Booth: GuidePoint Pavilion: 244

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Venafi
    Booth: GuidePoint Pavilion: 214

    Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

    With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms;  four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.

    For more information, visit: www.venafi.com.

  • Zix Corp
    Booth: GuidePoint Pavilion: 224

    Zix Corporation is a security technology company that provides email encryption services, email data loss prevention (DLP) and mobile applications designed to address the bring your own device (BYOD) corporate technology trend. Headquartered in Dallas, Texas, the company serves customers that include divisions of the U.S. Treasury, federal financial regulators, health insurance providers and hospitals, and financial companies. As of December 2011, the company has served over thirty Blue Cross Blue Shield organizations, 1,200 hospitals, 1,600 banks, credit unions and associations. Federal Financial Institutions Examination Council (FFIEC) regulators are also customers of the company. CIPROMS signed a three-year renewal with the company in 2014.

Speakers
  • Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • Moderator: Joe Walsh
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.

  • Vince Fitzpatrick
    Director of Information Security, ChristianaCare

    Vince Fitzpatrick is a 20-year information security professional in the fields of healthcare and finance. Currently, he is the Director of Information Security at Christiana Care Health System (CCHS), one of the largest healthcare providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD, and NJ.

  • Bryan Bechard
    CISO, Flagship Credit Acceptance

    Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.

  • Robert Wilner
    President, Delaware Valley Chapter, Cloud Security Alliance
  • Rosemary Christian
    DevSecOps Engineering Coach, Comcast

    Rosemary Christian is Co-President for WiCyS Critical Infrastructure and a Board Member for WiCyS Delaware Valley. She has demonstrated passion, knowledge, and a proven ability to engage others in the emerging market needs for cybersecurity initiatives. She leverages her experience, communications skills, and interpersonal savvy across all levels to facilitate multiple security control systems, encryption, and authentication protocols. She has a deep understanding of the importance of protection and maintenance of information and data security protocols in collaborative team environments. At Comcast, as a DevSecOps Transformation Coach, she fosters continuous improvement and sustained adoption of Secure Development Lifecycle practices.

  • Charles Sgrillo
    Professor of Cybersecurity, Drexel University

    Charles Sgrillo is an adjunct professor of cybersecurity at Drexel University, teaching on topics such as IT Auditing, Cybersecurity, Penetration Testing, and Computer Forensics. During his time as a principal consultant, Charles has worked with over 50 businesses to implement the NIST Cybersecurity Framework. Along with teaching at Drexel University, Charles is a Red Team Analyst for The Vanguard Group.

  • Joshua Marpet
    Data Protection Advisory Council
  • Hazel Cerra
    Assistant to the Special Agent in Charge, United States Secret Service

    Assistant to the Special Agent in Charge (ATSAIC) Hazel Cerra is a twenty-two-year veteran of the United States Secret Service. ATSAIC Cerra was assigned to the Former President William Clinton Protective Detail in Chappaqua, NY, where she spent four years traveling around the world in support of the Clinton Global Initiative (CGI).

    ATSAIC Cerra serves as a supervisor in the Philadelphia Field Office, Financial Crimes Squad, where she is responsible for leading a team of Special Agents in the latest trends in cyber fraud investigations.

    She earned a Bachelor of Science in Criminal Justice from New Jersey City University and she has also earned her MBA in Finance from Johns Hopkins University.

    Lastly, ATSAIC Cerra volunteers her time coaching a CyberPatriot team in the Civil Air Patrol, where she is also the Aerospace Education Officer.

  • Dave Snyder
    Chief Information Security Leader, Independence Blue Cross
  • Cheryl Carmel, Moderator
    Owner, Carmel Consulting LLC

    Ms. Carmel is a member of (ISC)2 where she holds her CISSP, and IAPP where she holds her CIPT. She is a member of InfraGard and has been on the Advisory Council for SecureWorld for many years.

    Ms. Carmel began her career in technology with experience in application development, infrastructure operations, technical support, and teaching. She pivoted to focus on security in 1999. Her most recent role was VP of Security, Privacy, and Compliance at OnSolve, where she was responsible for maturing the program to successfully implement security controls that meet the rigors of FedRAMP, while maintaining the controls for ISO 27001, HIPAA, and privacy laws. Before that, she was the BISO at FIS (SunGard Financial Systems).

  • Bryan Orme
    Principal & Partner, GuidePoint Security

    Bryan Orme leads the Information Assurance consulting organization, which includes Application Security, Cloud Security, Governance, Risk, and Compliance Services, Threat and Attack Simulation, Incident Response and Forensics. Additionally, Bryan leads the internal IT and Information Security teams as well as the Project Management Office and Services Operations. Bryan also serves on the Board of Directors of deepwatch, a Managed Security Services Provider. Since 2001, his primary focus has been on designing and implementing comprehensive Information Security programs and assisting clients with building business-aligned Information Security programs to mitigate risks associated with today’s increasingly sophisticated array of threats. Bryan has extensive backgrounds in multiple disciplines within Information Security, including Security Program Strategy, Application Security, Penetration Testing, PCI DSS, Incident Response and Forensics, and Vendor Management. Prior to joining GuidePoint, Bryan was the Director of Information Security for Capital One. His accomplishments there included building and leading the Application Security, Vendor Management, and PCI DSS Programs. He is a frequent speaker at industry conferences including OWASP, SecureWorld, HP Protect, ISSA, ISACA, and HIMSS on a wide array of Information Security topics. Bryan also served as a member of multiple Special Interest Groups of the PCI Security Standards Council. He earned a Bachelor’s degree from James Madison University and an MBA from the Robert H. Smith School of Business at the University of Maryland. Bryan holds QSA, CISSP, and CISM certifications.

  • Axel Peters
    Executive Sales Manager, baramundi Software USA Inc.

    Axel holds his degree in IT Management and has advised more than 300 small businesses and global enterprises in Europe and the U.S. on tools and strategies to keep technology infrastructure up-to-date, safe, and efficient. Now continuing that role at the baramundi U.S. headquarters in Framingham, MA, Axel is actively helping IT departments address today's practical and cost challenges in endpoint management.

  • Tim Miller
    Lead Cybersecurity Consultant, Trend Micro

    Tim has over 10 years’ experience in Information Security and 33 years working with computer technology. His career began with the Apple IIe in his first computer class and continued through earning his master’s degree in Network Communications Management. Tim has been with Trend Micro for three years, and his experience in Information Security includes Endpoint Protection, CEH (Certified Ethical Hacker), risk assessments, Endpoint Detection and Response, IDS/IPS, malware prevention, and teaching others about threats.

  • Vana Khurana
    Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley

    Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.

  • Louise O’Donnell
    Sr. Information Technology Manager, TD Ameritrade
  • Anahi Santiago
    CISO, ChristianaCare Health System

    Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.

  • Gustavo Coronel
    Sr. Cloud Security Architect, Check Point Software Technologies

    Gustavo (Gus) Coronel is a Senior Cloud Security Architect with Check Point Software Technologies and has been involved with network security for over 25 years. His first foray into network security was serving as the first Firewall Administrator at the US Department of Transportation in 1994. Intrusion Detection, Vulnerability Assessments, Protocol Analysis, Incident Response, Forensics, and Secure Network Design projects quickly followed. He joined Check Point’s Federal Group in 2009 and has been securing public cloud deployments full time since 2015.

  • Tariq Shaikh
    IT Program Manager, Aetna

    Tariq Shaikh leads the Privileged Access Management practice for Aetna as part of their Global Security team. Tariq has more than 20 years of technology experience and is a certified project manager and information systems security professional. Tariq is an SME in the Privileged Access Management space and has spoken extensively about it at industry conferences. He also leads a security academy for Aetna that aims to educate participants about cyber security and protect and advance the profession.

  • Bernie McGuinness
    IT Risk Lead, Campbell Soup Company

    Bernie is a cybersecurity professional with over 20 years’ experience, both hands-on and in regulatory compliance of multiple complex systems within the Department of Defense and the commercial space. He provides in-depth knowledge of Third-Party Risk Management, Information Security, Assurance, Audit, and IT Operations within industry. He holds the CISSP, CRISC, and CTPRP certifications.

  • Jordan Fischer, Instructor
    Founding Partner & Owner, Fischer Law, LLC

    Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.

    Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.

    With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.

    Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.

    In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.

    Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.

    Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.

    HONORS & RECOGNITIONS
    Lawyer on the Fast Track, The Legal Intelligencer (2023)
    Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
    Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
    ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
    SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
    Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
    Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
    European Union ERASMUS Grant Recipient, 2020

    ASSOCIATIONS & MEMBERSHIPS
    American Bar Association, Business Law Fellow, 2020-2022
    American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
    Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
    California Bar Association
    New Jersey Bar Association
    Forbes Business Council Member, 2022
    International Association of Privacy Professionals (IAPP), Member
    University of California, Berkeley, Cybersecurity Lecturer
    former Thomas R. Kline School of Law, Drexel University, Law Professor
    former Chestnut Hill College, Adjunct Professor
    West Chester Friends School, Board Member
    Appointed Fulbright Specialist in Cybersecurity and Data Privacy

    CERTIFICATIONS
    Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)

  • Antonia Dumas
    Associate, XPAN Law Group

    Antonia M. Dumas is an associate at XPAN Law Group, a certified Women’s Business Enterprise (“WBE”) and Women Owned Small Business (“WOSB”). At XPAN, Antonia works with clients to create proactive, streamlined, and global approaches to cybersecurity and data privacy. She performs audits, assessments and gap analysis of a client’s existing contractual and technological infrastructure. Domestically, she conducts cyber-regulatory compliance assessments, including HIPAA and state-specific regulations. She assists in the implementation of cyber best practices, including drafting cybersecurity policies and procedures. She also helps conduct international privacy compliance assessments under the European Union General Data Protection Regulation (“GDPR”). Antonia has experience in a variety of different sectors through which she has gained an insight into potential cybersecurity and data privacy vulnerabilities. Additionally, she contributes a unique global perspective from living, studying, and working abroad in Spain for several years.

  • Jim Menkevich
    Sr. Sales Engineer, Netskope

    Jim Menkevich is an Information Security, Privacy, and Risk Management professional with 19+ years of experience. Through his career, he has led teams in Cybersecurity, Enterprise Architecture, Systems Integration, and Application Development. Jim specializes in applying methodologies, frameworks, and ideas outside of the intended domain, which generates new and fresh angles to address industry challenges. When he’s not working, Jim enjoys writing poetry, running, and spending time with his family. Jim served previously as the Director of Data Protection and Security Governance at Health Partners Plans in Philadelphia.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Happy Hour
  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Moderator: Joe Walsh
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.

  • speaker photo
    Jordan Fischer, Instructor
    Founding Partner & Owner, Fischer Law, LLC

    Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.

    Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.

    With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.

    Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.

    In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.

    Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.

    Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.

    HONORS & RECOGNITIONS
    Lawyer on the Fast Track, The Legal Intelligencer (2023)
    Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
    Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
    ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
    SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
    Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
    Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
    European Union ERASMUS Grant Recipient, 2020

    ASSOCIATIONS & MEMBERSHIPS
    American Bar Association, Business Law Fellow, 2020-2022
    American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
    Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
    California Bar Association
    New Jersey Bar Association
    Forbes Business Council Member, 2022
    International Association of Privacy Professionals (IAPP), Member
    University of California, Berkeley, Cybersecurity Lecturer
    Former Thomas R. Kline School of Law, Drexel University, Law Professor
    Former Chestnut Hill College, Adjunct Professor
    West Chester Friends School, Board Member
    Appointed Fulbright Specialist in Cybersecurity and Data Privacy

    CERTIFICATIONS
    Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)

  • John Grim
    Head of Research, Development, Innovation, Verizon Threat Research Advisory Center

    John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.

  • Ken Pyle
    Partner, Information Security, DFDR Consulting

    Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance, and exploit development. Ken has published exploit research and vulnerabilities for a large number of companies, including Dell, Cisco, Sonicwall, Sage Software, and DATTO. Ken’s academic work includes social engineering research, election interference, application of sociology and psychological factors to phishing campaigns, and technical work on next generation attacks.

  • Dawn-Marie Hutchinson
    CISO, Pharmaceuticals and R&D, GSK (GlaxoSmithKline)

    Dawn-Marie Hutchinson brings more than 15 years of enterprise information technology experience to her role as CISO of GSK. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.

    While serving on the HITRUST working group for Data De-Identification, Hutchinson established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations.

    Prior to joining GSK, Hutchinson was the CSO at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in IT also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross, Protiviti, and Optiv.

    Hutchinson currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award and holds accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA) and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master’s of Business Administration graduate of the Saint Joseph’s University Haub School of Business.

  • Robert McKosky
    Asst. Professor, Drexel University

    Dr. Robert McKosky served as the Director of Information Security at MBNA America and was the Technical Program Director for the Network Infrastructure Laboratory at GTE. He has organized and participated in various simulated attacks (Tiger Teams) to identify weaknesses in security systems. Mac has consulted to the CTIA, NSA, Secret Service, FBI, CIA, Scotland Yard, the Royal Canadian Mounted Police, and various state and local law enforcement organizations. Mac is a Certified Secure Software Lifecycle Professional (CSSLP) and a Certified Information System Security Professional (CISSP) and was one of the authors of the original certification exam.

  • Bryan Inagaki
    Sr. Director, Cybersecurity Risk Management & Solutions, Thermo Fisher Scientific

    Bryan's path to information security was anything but direct, and he took a few detours in the worlds of small business, federal law enforcement and financial services before finding himself fully entrenched in the industry. As a physical security professional first and an information security professional second, Bryan enjoys the challenge of mixing the real with the intangible and taking lessons learned from time spent in critical threat areas to make his teams more effective and efficient.

  • Joan Antokol
    Partner, Park Legal LLC

    Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.

  • Matt Wilson
    Chief Information Security Advisor, BTB Security

    Matt Wilson is the Chief Information Security Advisor for BTB, based in southeastern Pennsylvania. Matt has spent his entire career in IT and has over 14 years of experience within Information Security. Throughout his career, Matt has fostered the development of assessment methodologies, toolsets, and techniques for the delivery of security assessments, penetration testing, application assessments, compliance assessments, security awareness trainings, and policy review and development. More recently, Matt has been actively engaged in the continued maturation of BTB’s CISO Advisory Practice and RADAR Managed Detection & Response service.

  • Eric Bucher
    Solutions Architect, Cequence Security

    Eric Bucher has over 15 years of experience in the security industry with a technical concentration in financial fraud, advanced persistent threats, forensics, exfiltration, DLP, and overall attack surfaces.

  • Roger Vann
    Information Security Leader, JANUS Associates, Inc.
  • Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • Charles Sgrillo
    Professor of Cybersecurity, Drexel University

    Charles Sgrillo is an adjunct professor of cybersecurity at Drexel University, teaching on topics such as IT Auditing, Cybersecurity, Penetration Testing, and Computer Forensics. During his time as a principal consultant, Charles has worked with over 50 businesses to implement the NIST Cybersecurity Framework. Along with teaching at Drexel University, Charles is a Red Team Analyst for The Vanguard Group.

  • Katie Creaser
    SVP and Cybersecurity Practice Lead, Affect

    Katie is a Sr. Vice President, Cybersecurity Lead at Affect, where she provides counsel to clients that are looking to bring PR and social media into their communications program as part of a thoughtful, holistic strategy. Katie is passionate about helping brands of all shapes and sizes find unique and creative ways to tell their story. She works closely with Affect’s technology and healthcare clients to ensure that their value resonates with customers by creating compelling content for every medium.

    Katie has managed public relations campaigns across a diverse range of industries including mobile device management, network and data security, application delivery, enterprise software and IT infrastructure. Katie also spearheads Affect’s social media practice – and has developed social media campaigns for Omni Hotels & Resorts, Caron Treatment Centers and Regus. She has managed programs that have earned accolades from PRSA, the SABRE awards and BtoB Magazine.

    Prior to joining Affect, Katie served as assistant program manager for the Capital Roundtable, an event production company for the private equity, investment banking, venture capital, legal, hedge fund and professional advisory communities in New York City. She started her career at KPR, a pharmaceutical advertising agency and part of the Omnicom network – where she supported the Janssen Pharmaceuticals, Forest Laboratories and Merck accounts. Katie holds a BA in Public Relations from Marist College.

  • Jay Robinson
    Director of Cyber Operations, BlackRock

    BlackRock's Cyber Operations team manages the global 24x7 operations center responsible for cyber monitoring, incident response, cyber intelligence, cyber forensics, and vulnerability management.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes