Conference Agenda
  • Tuesday, August 25, 2020
    10:00 am
    [Trend Micro WORKSHOP] Threat Defense Challenge - Play Alongside Your Peers Competing in Teams to Run Cyberattacks in a Controlled Environment
    Earn 18 CPEs - Premium prizes will be awarded to the team who gains the most points
    Solutions Engineer, Trend Micro
    Registration Level: SecureWorld Plus
    10:00 am - 4:00 pm
    Location / Room: Maple

    Join Trend Micro’s DevOps Threat Defense Challenge for a hands-on learning experience that simulates a cyberattack targeting a rapidly evolving infrastructure in a real-world scenario. You will dive head-first into a full-blown DevOps environment where developers leverage build pipelines to deliver containerized applications with technologies like Kubernetes, Jenkins, and GitHub.

    During this challenge, you’ll spot signs of a breach and be tasked with responding effectively with the new security service platform for cloud builders.

    In addition to gaining hands-on experience with modern infrastructure technologies and software delivery practices, you’ll have a chance to win an Oculus Virtual Reality headset and other giveaways!

    Please Note: Participants will need to bring a laptop.

    Lunch is provided.

  • Wednesday, August 26, 2020
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Revolution

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Securing Your Organization with the NIST Cybersecurity Framework and CIS Top 20
    Earn 16 CPEs With This in-Depth 3-Part Course
    Founder & Chief Security Architect, Black Cipher Security
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Magnolia

    This education and training program includes the following key elements:
    • An introduction to the NIST Cybersecurity Framework (NIST CSF)
    • A process for adopting and validating your NIST CSF implementation
    • How to leverage the NIST CSF to complete compliance objectives
    • The skills needed to develop documentation such as:
      • Cybersecurity Strategy, System Security Plan (SSP)
      • Risk Assessment
      • Plan of Action and Milestones (POA&M)
    • Communicating cybersecurity results and requirements with stakeholders

    8:00 am
    [SecureWorld PLUS] Part 1 - The Evolution of Privacy and Cybersecurity Legal Trends: Strategies and Operational Tools to Help You Protect Your Organization
    Earn 16 CPEs With This in-Depth 3-Part Course
    Managing Partner, XPAN Law Group, LLC
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Maple

    This SecureWorld PLUS course will provide an administrative, legal, and technical overview of the Privacy and Cybersecurity Legal Landscape with operational tools to address the changing regulatory and legal landscape. Hands-on exercises to demonstrate the best approach to the dynamic legal requirements in the cyber and privacy space will be included. The sessions will involve the California Consumer Privacy Act (CCPA), the New York SHIELD Act, Nevada’s Internet Privacy Law, and the European Union’s General Data Protection Regulation.
    Part 1: Trends in the Law: An Overview of the Domestic Regulatory and Legal Landscape.

    The US legal framework for cybersecurity and data privacy continues to evolve. Trying to stay abreast of the ever evolving and changing technologies and legal requirements can be overwhelming. In the past year, State and Federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to issue opinions that have placed heightened liability on companies to protect sensitive personal data.

    This Session will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations. We will break down the requirements of the CCPA and the NY SHIELD Act, providing insight into key aspects of the laws. Additionally, this Session will discuss the impact of recent court decisions on privacy and security liability.

    8:00 am
    [SecureWorld PLUS] Part 1 - Incident Response: Critical Actions Before, During and After an Incident
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO, Salem Medical Center
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Juniper

    This course will emphasize the practical and prioritized steps to take before, during and after an incident to ensure your company is up to the challenges of effectively responding to incidents, making sure that little problems don’t become big, and that big problems don’t blow up your company. Effectively managing incidents is not usually about having advanced technologies or stringent policies. Rather, it’s about your Incident Response Team working together to execute the right basics in the right order at the right times. In this program, Chris will share stories of effective responses, examining why they were good, as well as responses that missed the mark by a little or a lot.
    This course will include:

    • Discussing what “risk” and “incident” usually mean – and what they really mean in your organization;
    • Designing and implementing a comprehensive incident response process that really works;
    • Defining the differences between events, incidents and breaches;
    • Learning about basic and pervasive security vulnerabilities and why they lead to so many security incidents and breaches;
    • Determining tools you need to manage and coordinate your incident response;
    • Leveraging your expertise as a security professional and how to communicate with others about incident response and keep them engaged;
    • Imagining, qualifying, quantifying and prioritizing high-risk incident scenarios;
    • Next steps to prepare for your next incident.

    In this course, you’ll learn about what works and what doesn’t in Incident Response. This is not a dive into technical forensic investigation or other technical details. Rather, we will cover common-sense processes and best-practices that you already knew about or seem obvious once stated, but which your organization probably still struggles with all the time nevertheless. Chris will share how you can upgrade your security program by refocusing on basic security practices, clearly prioritizing risks, and preparing for the inevitable situations where an attack or accident matches up with a vulnerability and ruins your day. Just as Information Security is never a once-and-done activity, Incident Response has to be even more flexible, agile and responsive to counter never-ending attacks. Preparing your Incident Response Team with light-weight tools and well-practiced methods will go far toward fighting off attacks, mitigating vulnerabilities, and reducing overall business risks.

     

    8:30 am
    Security Event Issues When Communicating to the Business and Client
    Sr. Compliance & Cybersecurity Auditor, Bacik Enterprises
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Parkview Ballroom

    Organizations always have pessimists, complainers, and derailers among their staff members and customers. When a security event has to be communicated, these types of staff members and customers can wreak more havoc than the actual impact of the event. The soft skill of communicating is sometimes overlooked by security professionals when dealing with staff and customers. We need to ensure that we present the facts and do not let our temperature boil over during any type of security event, and keep you out of the news. Today, we will talk about applying those soft skills with staff, management, and customers and the issues that we might all face at one time or another.
    The session will offer guidance on crafting messages for security events, how to respond to the message pessimists, complainers, and derailers, how often communication should be done during a security event, and talk about examples and how we can handle them.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Monolith to Microservices Migration and Security
    Cloud Security Architect, The Vanguard Group
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: Laurel West

    The next big thing in IT seems to be small: microservices! This talk will introduce microservices, their benefits, strategies for migrating from monoliths to microservices, security options, and some best practices.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    8:30 am
    The DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?
    Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Laurel East

    Supply chain risks are at the top of everyone’s mind today, and the US Department of Defense (DoD) is no different. That is why the DoD created its Cybersecurity Maturity Model Certification (CMMC). CMMC is a five-level, third-party validated maturity certification. CMMC includes both technical and process/procedural requirements. Organizations in the Defense Supply Chain will be required to obtain CMMC certification before contract award. Requests for Proposals (RFPs) containing CMMC requirements are expected in October 2020. This session provides an overview of CMMC and the corresponding industry-led ecosystem that is being created, spearheaded by the CMMC Accreditation Body (CMMC-AB).
    Presentation Level: MANAGERIAL (security and business leaders)

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] People, Processes, and Tech Strategies: Recruit, Train, and Retain for Success!
    VP, Chief Information Security and Privacy Officer, Health Partners Plans
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    While most security teams leverage these key resources to reduce risk in our programs, how you leverage these resources will ultimately determine your effectiveness and success. Come join a leading security practitioner in a collaborative discussion on tips, and landmines to avoid.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Revolution

    This session is for Advisory Council Members only.

    11:15 am
    VIPR Report – The Verizon Incident Preparedness and Response Report – Taming the Data Breach
    Head | Research, Development, Innovation, Verizon Threat Research Advisory Center
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Keynote Theater

    Preparing for and responding to data breaches and cybersecurity incidents is never easy. It takes knowledge of your environment and its unique threats, effective teamwork, and just as importantly, a rigorous Incident Response (IR) Plan. The VIPR Report is a data and scenario-driven approach to incident preparedness and response; it’s based on three years of Verizon’s IR Plan readiness assessments, and our data breach simulation recommendations. John will present findings with the six phases of incident and in doing so, cover five data breach scenarios illustrating the need for that phase of an IR Plan and its underlying components.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    (ISC)2 Chapter Meeting: Open to All Attendees
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Parkview Ballroom

    Discover your local associations! Join (ISC)2 for their chapter meeting, networking opportunity, and guest speaker.

    11:15 am
    [Check Point] Protecting You from You Is the #1 Challenge in the Age of SDE (Software Defined Everything)
    Cloud Security Specialist, Check Point Software Technologies
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Laurel West

    Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered is daunting. And, with these choices come consequences; one misconfiguration can put your entire organization at risk…or worse. Another reality you will face as you scale is the challenge of using a ‘one-size-fits-all’ interface. Imagine scrolling through lists of assets when the numbers are in the hundreds or even thousands. Just imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.

    If you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.

    In this session you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.

    11:15 am
    A GuidePoint Security Presentation
    Principal & Partner, GuidePoint Security
    Regional Partner – Mid Atlantic, GuidePoint Security
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Laurel East
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Revolution

    This session is for Advisory Council Members only.

    12:15 pm
    [LUNCH KEYNOTE] Social Engineering and Online Fraud Prevention: True Crime Examples from the United States Secret Service
    Special Agent, United States Secret Service
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math shows why BEC and other social engineering attacks are rampant—and every type of organization is at risk.
    Join Sunny Notani, Special Agent for the U.S. Secret Service, as he shares true crime examples of social engineering and online fraud attacks, including cases from the local Philadelphia area. Sunny will share examples of common mistakes that victims can make, and best practices for mitigating attacks when they happen.
    1:15 pm
    [Darktrace] Offensive AI vs. Defensive AI: Battle of the Algorithms
    Cybersecurity Manager, Darktrace
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Laurel West
    Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyber-attacks leveraged at scale. To protect against Offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
    In this session, learn about:

    • Paradigm shifts in the cyber landscape
    • Advancements in offensive AI attack techniques
    • The Immune System Approach to cyber security and defensive, Autonomous Response capabilities
    • Real-world examples of emerging threats that were stopped with Cyber AI

    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    1:15 pm
    [Panel] The Current Threatscape – A Top 5 List
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Scammers are getting inventive. They are doing their homework. They use social media and Open Source tools to find out details on their targets to make their schemes more believable and actionable. They are also savvy about update releases and creating zero-day threats. Some of them collaborate with one another. Some even pose as InfoSec professionals to gain trust. So, what are the top threats we really need to worry about? Our panel of experts will weigh in and give you a top five list of the current threatscape.

    1:15 pm
    [Panel] Cloud – It’s NOT Just Someone Else’s Computer
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Parkview Ballroom

    That’s the old joke. And it is OLD! We’ve all come to recognize the benefits of the cloud – agility, economic value, and backup/recovery. Cloud migration is not slowing down but people still don’t fully understand what is happening with their data in the cloud (or in some cases what cloud technology really is). Our panel of experts will address the myths around cloud, pitfalls and best practices, as well as:

    • CASBs
    • Hybrid cloud
    • Cloud attack vectors
    • Identifying cloud security controls and design framework
    • Working with multiple cloud platforms
    • Legal considerations
    • Your Questions!
    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Detecting and Responding to Cyber Attacks
    Director, Information Security, Drexel University
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Laurel East

    Many businesses have been the prime target of cybercriminals. More concerning is that a lot of these network intrusions can remain undetected for long periods of time. While some have said breaches are inevitable, detecting unauthorized access early on can significantly reduce the impact and proliferation of these threat actors. Incident detection and response can decrease the amount of time it takes to address a breach and reduce the damage. Gabriel Doncel, Director of Information Security at Drexel University, has seen first-hand the effectiveness of a strong incident detection and response plan. Drawing from his experience guiding and coordinating incident response efforts like triage, evaluation, coordination, and executive reporting, Gabriel will share key strategies to successfully implement an incident detection and response plan.

    Learning objectives:
    • Outlining the steps for successfully identifying and remediating attacks
    • Identifying how to evaluate the need for an in-house security information and event management or a managed detection and response program
    • Detailing the necessary steps to ensure an organization is prepared to face the top threats, including phishing, malware, and stolen credential use
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
    3:00 pm
    [Panel] Women & Cyber: An Insider's Guide to Building a Successful Network
    Founder & President, Philadelphia Women and Cyber Security
    IT Security and Risk Manager, Chatham Financial
    Digital Forensic Examiner, TransPerfect Legal Solutions
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Keynote Theater
    Join Philadelphia Women & Cyber Security for a panel discussion with some of our board members, where we will discuss how to build a successful network and why it is important in this industry to have strong mentors. Q&A to follow.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions)
    3:00 pm
    Human Error: Weakness, Vulnerability, or Secret Weapon
    Associate Professor, Bloomsburg University of Pennsylvania
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Laurel West

    Organizations that rely on the false premise of human weakness to explain security failures are ignoring the root cause of the issue and are destined to waste resources on whimsical solutions rather than developing sound security practices that capitalize on the unique qualities humans within the organization contribute through their daily successes and failures.
    To err is human and a powerful first step to learning. Identifying the rate of failure, how we fail, and developing the ability of the user to understand that they have failed in the first place lays the foundation for organizational security success. Organizations need to develop a method, a process, the mindset, to identify, analyze, and address human errors. This will require a shift in the perception of human errors; errors are not weaknesses, they are opportunities to refine a process, to clarify a procedure, to improve security. Given the complexity of network devices, the ability of organizations to collect, analyze, and visualize data points, organizations likely already have the fundamental data needed to begin to examine pre-error decisions.

    Determining the root cause of action based on a pre-action analysis could help organizations identify the best strategy to minimize the likelihood of the same error occurring in an uncontrolled manner in the future. This is also a cybersecurity strategy, one that I believe is far more sustainable than spend and defend. The only failure associated with human error is the failure to learn from errors.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    [SecureWorld PLUS] Part 2 - Securing Your Organization with the NIST Cybersecurity Framework and CIS Top 20
    SecureWorld PLUS Registrants ONLY
    Founder & Chief Security Architect, Black Cipher Security
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Magnolia

    This education and training program includes the following key elements:
    • An introduction to the NIST Cybersecurity Framework (NIST CSF)
    • A process for adopting and validating your NIST CSF implementation
    • How to leverage the NIST CSF to complete compliance objectives
    • The skills needed to develop documentation such as:
      • Cybersecurity Strategy, System Security Plan (SSP)
      • Risk Assessment
      • Plan of Action and Milestones (POA&M)
    • Communicating cybersecurity results and requirements with stakeholders

    3:00 pm
    [SecureWorld PLUS] Part 2 - The Evolution of Privacy and Cybersecurity Legal Trends: Strategies and Operational Tools to Help You Protect Your Organization
    SecureWorld PLUS Registrants ONLY
    Managing Partner, XPAN Law Group, LLC
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Maple

    This SecureWorld PLUS course will provide an administrative, legal, and technical overview of the Privacy and Cybersecurity Legal Landscape with operational tools to address the changing regulatory and legal landscape. Hands-on exercises to demonstrate the best approach to the dynamic legal requirements in the cyber and privacy space will be included. The sessions will involve the California Consumer Privacy Act (CCPA), the New York SHIELD Act, Nevada’s Internet Privacy Law, and the European Union’s General Data Protection Regulation.

    Part 2: Risk Transference: Developing a Security and Privacy Program to Address Compliance Requirements

    In the current patchwork approach to cybersecurity and data privacy legal requirements, it can be challenging for a business to create a comprehensive privacy and security program that complies with the various (and sometimes conflicting) legal requirements while also fitting organically within the business. Building solutions that can be easily shifted to meet new and evolving legal requirements is key. This Session will provide a detailed explanation of core components of a security and privacy program, methods to ensure that the program can be altered to fit new requirements as they come into place, and how to transfer risk whenever possible. The Session will include a discussion on Written Information Security Policies, Departmental and Employee Policies, Risk Management Programs, Client Contract Management Programs, Incident/Breach Response Programs, and training.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Incident Response: Critical Actions Before, During and After an Incident
    SecureWorld PLUS Registrants ONLY
    CISO, Salem Medical Center
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Juniper

    This course will emphasize the practical and prioritized steps to take before, during and after an incident to ensure your company is up to the challenges of effectively responding to incidents, making sure that little problems don’t become big, and that big problems don’t blow up your company. Effectively managing incidents is not usually about having advanced technologies or stringent policies. Rather, it’s about your Incident Response Team working together to execute the right basics in the right order at the right times. In this program, Chris will share stories of effective responses, examining why they were good, as well as responses that missed the mark by a little or a lot.
    This course will include:

    • Discussing what “risk” and “incident” usually mean – and what they really mean in your organization;
    • Designing and implementing a comprehensive incident response process that really works;
    • Defining the differences between events, incidents and breaches;
    • Learning about basic and pervasive security vulnerabilities and why they lead to so many security incidents and breaches;
    • Determining tools you need to manage and coordinate your incident response;
    • Leveraging your expertise as a security professional and how to communicate with others about incident response and keep them engaged;
    • Imagining, qualifying, quantifying and prioritizing high-risk incident scenarios;
    • Next steps to prepare for your next incident.

    In this course, you’ll learn about what works and what doesn’t in Incident Response. This is not a dive into technical forensic investigation or other technical details. Rather, we will cover common-sense processes and best-practices that you already knew about or seem obvious once stated, but which your organization probably still struggles with all the time nevertheless. Chris will share how you can upgrade your security program by refocusing on basic security practices, clearly prioritizing risks, and preparing for the inevitable situations where an attack or accident matches up with a vulnerability and ruins your day. Just as Information Security is never a once-and-done activity, Incident Response has to be even more flexible, agile and responsive to counter never-ending attacks. Preparing your Incident Response Team with light-weight tools and well-practiced methods will go far toward fighting off attacks, mitigating vulnerabilities, and reducing overall business risks.

    3:00 pm
    ISSA Chapter Meeting and Presentation - Open to All Attendees
    Topic: Panel Discussion on the Benefits of ISSA
    Chapter President, ISSA Delaware Valley Chapter
    Registration Level: Open Sessions
    3:00 pm - 4:00 pm
    Location / Room: Parkview Ballroom

    Interested in your local associations? Join ISSA for a chapter meeting and guest presentation. This session is open to all attendees.
    Presentation Details:
    Scott Laliberte, ISSA Delaware Valley Chapter President for over 10 years and Global Leader of Protiviti’s Cyber Practice, will moderate the panel discussing the benefits of ISSA. Panelists include Dean Henry, long-time ISSA Senior Member; Paul Moran, Chapter Vice President for over 15 years (retiring his board position in 2020); Alicia Leone, former ISSA program chair; and Justin Byer, a recent graduate who became an ISSA member while still an undergraduate in college. The panel will explore the many benefits ISSA provides and how these members have leveraged ISSA to help them with professional development, networking and job advancement.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    4:00 pm
    GuidePoint Reception
    Join us for complimentary drinks and appetizers inside the venue
    Registration Level: Open Sessions
    4:00 pm - 7:00 pm
    Location / Room: Valley Tavern Inn (Inside the Venue)

    Join GuidePoint and partners for a social hour after Day 1. Come discuss the day’s events, network with security peers, and enjoy beverages and hors d’oeuvres. Compliments of GuidePoint and partners.

    Valley Tavern Inn, Radisson Hotel
    (Inside the venue)
    March 18th  • 4 – 7 p.m.
  • Thursday, August 27, 2020
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    [SecureWorld PLUS] Part 3 - Securing Your Organization with the NIST Cybersecurity Framework and CIS Top 20
    SecureWorld PLUS Registrants ONLY
    Founder & Chief Security Architect, Black Cipher Security
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Magnolia
    This education and training program includes the following key elements:
    • An introduction to the NIST Cybersecurity Framework (NIST CSF)
    • A process for adopting and validating your NIST CSF implementation
    • How to leverage the NIST CSF to complete compliance objectives
    • The skills needed to develop documentation such as:
      • Cybersecurity Strategy, System Security Plan (SSP)
      • Risk Assessment
      • Plan of Action and Milestones (POA&M)
    • Communicating cybersecurity results and requirements with stakeholders
    8:00 am
    [SecureWorld PLUS] Part 3 - The Evolution of Privacy and Cybersecurity Legal Trends: Strategies and Operational Tools to Help You Protect Your Organization
    SecureWorld PLUS Registrants ONLY
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Maple

    This SecureWorld PLUS course will provide an administrative, legal, and technical overview of the Privacy and Cybersecurity Legal Landscape with operational tools to address the changing regulatory and legal landscape. Hands-on exercises to demonstrate the best approach to the dynamic legal requirements in the cyber and privacy space will be included. The sessions will involve the California Consumer Privacy Act (CCPA), the New York SHIELD Act, Nevada’s Internet Privacy Law, and the European Union’s General Data Protection Regulation.

    Part 3: Data Subject Rights: Complying Across Regulatory Frameworks

    Data Subjects have numerous rights under both the GDPR and the CCPA. Being able to address those rights in the appropriate time frame and manner is a key element of compliance with those regulations. We will show how an organization can integrate administrative and technological requirements to address Data Subject requests. The third session will take a hands-on approach. We will walk through several data subject requests and work through the administrative and technological mechanisms to address the requests.

    8:00 am
    [SecureWorld PLUS] Part 3 - Incident Response: Critical Actions Before, During and After an Incident
    SecureWorld PLUS Registrants ONLY
    CISO, Salem Medical Center
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Juniper

    This course will emphasize the practical and prioritized steps to take before, during and after an incident to ensure your company is up to the challenges of effectively responding to incidents, making sure that little problems don’t become big, and that big problems don’t blow up your company. Effectively managing incidents is not usually about having advanced technologies or stringent policies. Rather, it’s about your Incident Response Team working together to execute the right basics in the right order at the right times. In this program, Chris will share stories of effective responses, examining why they were good, as well as responses that missed the mark by a little or a lot.
    This course will include:

    • Discussing what “risk” and “incident” usually mean – and what they really mean in your organization;
    • Designing and implementing a comprehensive incident response process that really works;
    • Defining the differences between events, incidents and breaches;
    • Learning about basic and pervasive security vulnerabilities and why they lead to so many security incidents and breaches;
    • Determining tools you need to manage and coordinate your incident response;
    • Leveraging your expertise as a security professional and how to communicate with others about incident response and keep them engaged;
    • Imagining, qualifying, quantifying and prioritizing high-risk incident scenarios;
    • Next steps to prepare for your next incident.

    In this course, you’ll learn about what works and what doesn’t in Incident Response. This is not a dive into technical forensic investigation or other technical details. Rather, we will cover common-sense processes and best-practices that you already knew about or seem obvious once stated, but which your organization probably still struggles with all the time nevertheless. Chris will share how you can upgrade your security program by refocusing on basic security practices, clearly prioritizing risks, and preparing for the inevitable situations where an attack or accident matches up with a vulnerability and ruins your day. Just as Information Security is never a once-and-done activity, Incident Response has to be even more flexible, agile and responsive to counter never-ending attacks. Preparing your Incident Response Team with light-weight tools and well-practiced methods will go far toward fighting off attacks, mitigating vulnerabilities, and reducing overall business risks.

    8:30 am
    [Cloud Security Alliance] DV Chapter Meeting and Presentation - Open to all Attendees
    Presenting: Cloud Security Career Planning and Certification
    Cloud Security Architect, The Vanguard Group
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Parkview Ballroom

    Interested in your local associations? Join Cloud Security Alliance for a chapter meeting and guest presentation. All attendees are welcome.
    Presentation:
    Do you cringe when you hear the word ‘Cloud’? Is your security team trying to catch up with the SaaS, PaaS, IaaS platforms your IT and business already started to use? Do you want to jump on the cloud bandwagon (or copter) but don’t know where to start? Then join this discovery session presented by Cloud Security Alliance – Delaware Valley Chapter, a non-profit organization dedicated to promoting cloud security specific research, education, certification, and events.

    8:30 am
    Ransomware and Digital Extortion: Legal Issues and Practical Responses
    Partner, BakerHostetler
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Ransomware incidents increased sharply in 2019 due to organizations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.

    This presentation will examine case studies of how ransomware is evolving, how organizations should prepare and respond to ransomware, and the legal issues surrounding payment of ransom demands, the compromise of sensitive information, and how to recover from an attack.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Security For, From, and With Machine Learning and Artificial Intelligence Technologies
    Director of Information Security, NFI
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Laurel West

    As companies look to increase their operational efficiencies and competitive advantage, many are turning to machine learning (ML) and artificial intelligence (AI) to make better decisions faster. With this shift comes new challenges for businesses and security professionals to ensure these technologies remain effective, safe, unbiased, and ethical. Additionally, as AI and ML become more accessible to the masses, there is a growing risk that these technologies could be leveraged to launch sophisticated attacks. In this presentation, we will explore emerging threats related to AI and ML, as well as how security leaders can utilize these emerging technologies to better defend their organizations and respond to sophisticated attacks.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Insider Threats: A Multi-Pronged Approach to Protecting Your Organization
    CISO & CPO, Cooper University Health Care
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Laurel East
    Insider threats are a real danger and cannot be overlooked. While deploying the latest secure system to fight against cyberthreats is a decent strategy, you must also implement an effective insider threat system for an overall cybersecurity solution. An insider threat program cannot be bought off the shelf, but is a continuous process to identify and detect an incident as it occurs.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] FBI Cyber Trends: Evolution of the Cyber Threat Landscape
    Cyber Special Agent, FBI
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Discussion of recent trends and a future outlook for cyber-enabled crime, drawing from the experience and perspective of a career FBI Cyber agent. This discussion will include recommendations to limit exposure, best practices to mitigate and recover from incidents affecting your environment, and what to expect when engaging with the FBI. Cyber-enabled crime is a means to an end, and each major threat has its own unique motivation “signature”. Understanding why your environment is a target is as important as defending it.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Revolution

    This session is for Advisory Council Members only.

    11:15 am
    [Mimecast] The Cyber Resilience Imperative and the Role of Pervasive Email Security 3.0
    Sales Engineer, Mimecast
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Laurel West
    Security breaches, data leaks, and email-based attacks are a real threat to your organization. How can you provide your organization with a defense-in-depth security strategy around email? Your organization can no longer just rely on protecting what’s yours or your partners’. You must be cognizant of everything that lives in the cybersphere. In this session, Justin will cover how your organization can secure your perimeter, inside your perimeter and beyond the perimeter.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    11:15 am
    [Panel] Third-Party Risk Management (TPRM) in the Cloud... the Wild, Wild Kingdom!
    Board Member and Technology Strategist, Cloud Security Alliance - Delaware Valley (CSA-DV)
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Keynote Theater

    Just when you think you’re starting to get the hang of cybersecurity and risk management in your own organization, you get the call from your leadership asking “What are we doing to make sure our vendors (BAA’s) and other third parties are as secure as we are?”  This question gets even harder as soon as your organization moves its operations to the cloud.  It used to be about making sure people got in an orderly line to get through the right doors, but that paradigm changes dramatically when there are no more doors.
    The panel consists of premier leaders and practitioners of TPRM and Cloud Security in the Philadelphia area from diverse sectors such as Finance, Manufacturing and Healthcare, who will discuss the challenges and best practices of managing third parties when your business and theirs run through the cloud.

    Panel:  
    Brian Peister, Cyber and Third-Party Risk Management (TPRM) Officer at BNY Mellon
    George Makin, Information Security Manager at Federal Reserve Bank of Philadelphia
    Julia Yuabov, Third-Party Risk Manager, VP at TD Bank
    Mike Jordan, Vice President Research And Development at Shared Assessments (and former CSA-DV Board VP)
    Tammy Klotz, CISO at Versum Materials (and CSA-DV Board Member & Lehigh Valley sub-group Chair)

    11:15 am
    Global Data Protection Landscape: New Laws, Increased Scrutiny, Many More Challenges
    Partner, Park Legal LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Parkview Ballroom

    As security professionals grapple with increasing cybersecurity risks, the exploding use of artificial intelligence, big data, and managing a multitude of apps and devices, their challenges–and those of the multinational organizations employing them–are increasing exponentially with new laws, regulations, guidance documents, regulator expectations–and much greater enforcement. The presenter is a seasoned data protection attorney who, for the past 16 years and continuing, has sat on a team with the data protection regulators in the U.S., E.U., Canada, and many other countries worldwide.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

     

    11:15 am
    Vetting Your Vendors: Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts, and Service Agreements
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Laurel East

    One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.
    You are only as secure as your weakest link: a holistic approach to cybersecurity requires an organization to take into account the security of your partners in order to decrease vulnerabilities and threats to an organization’s network infrastructure.

    12:15 pm
    [LUNCH KEYNOTE] Panel: Insights from Three Cyber Leaders on Their Past, Present, and Future
    VP & CISO, Federal Reserve Bank of Philadelphia
    SVP & CISO, Radian Group
    CISO, Versum Materials
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Have you ever wondered how to get to the cybersecurity leader’s seat in an organization? This session will provide insights into what got these three women CISOs to where they are today, what they like about it, what is not so fun, tips to get you to those leadership seats in the future, and what these leaders see on the horizon for this field.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    1:15 pm
    [Panel] Emerging Threats – Hackers and Exploits and Phishing Attacks! Oh My!
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    We have all heard that email is the #1 attack vector. Based on the numbers we are seeing, it is pretty indisputable. But what about the other stuff? Zero-day exploits still make headlines. New ransomware attacks appear every week. IoT devices are easily hacked. BEC/CEO fraud attacks are at an all-time high. Will AI be a tool for the hackers? Join our panelists as they share knowledge on the current threatscape and make some predictions on what is coming soon to a network near you.

    1:15 pm
    [Panel] Identity and Access Management – Zero Trust for the Win?
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Parkview Ballroom

    Authentication used to be a discrete decision with the purpose of securing a single access point. Today, the ability to utilize many different types of authentication—from passwordless authentication, to certificate-based authentication, to adaptive and multi-factor authentication—is the foundation of a robust access management framework. With all the terms flying around out there (MFA, 2FA, Zero Trust, IAM, etc.), it’s hard to keep track of what is supposed to be working. Our experts will help demystify the jargon, provide best practices, and steer you away from common missteps.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    How Deception Technology Works to Level the Playing Field
    Chief Risk and Innovation Officer, MRS BPO, LLC
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Parkview Ballroom

    The greatest threat to an enterprise is the length of time it takes to uncover an attack and then discover what has been breached. Deception Technology provides a unique way to find, identify and enable a quick response to hacking without delays. This technology provides an early warning system that can function at multiple levels to serve as a sophisticated trip wire, which helps mitigate or prevent theft of data and associated damage. Discover how using this technology allows the tables to be turned on the attackers, so that they can be watched, their behavior analyzed and their targets identified.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    API and Web Hacking: Methodology and Examination
    Partner, Information Security, DFDR Consulting
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Laurel West
    This session will give an overview of API and Web App Hacking techniques in the context of critical 0-days discovered by the presenter in major vendor networking equipment. The session will focus on CVE-2019-15993 and CVE-2020-3147, two critical issues discovered by the presenter in Cisco, Dell, Netgear and other devices, along with others.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    3:00 pm
    Implementing Good InfoSec Fast and Cheap: Surviving Carve Off from a Big Company
    CISO, Salem Medical Center
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Laurel East
    In 2019, Salem Medical Center, a small rural hospital in southern New Jersey, separated from a large hospital system and needed to quickly and inexpensively implement effective information security.

    We achieved this goal using a variety of third-party solutions including employment of a part-time, ‘virtual’ CISO, an outsourced Security Operations Center (SOCaaS), deployment of leading-edge endpoint protection, a Managed Detection and Response (MDR) system, and comprehensive Security Awareness Training, all with strong support from the management team.

    I’ll describe how we pulled everything together and share some hard-earned lessons about things we would do differently next time.

    4:00 pm
    Reception: AccessIT Group's March Madness Viewing Party
    Join us for complimentary drinks and appetizers at The Yard House
    Registration Level:
    • Open Sessions
    4:00 pm - 8:00 pm
    Location / Room: The Yard House (near the venue)

    Thursday, March 19 • 4 – 8 p.m.
    The Yard House, King of Prussia Mall (5-minute drive from SecureWorld)

    Join AccessIT Group and their Pavilion Partners to watch your favorite NCAA basketball teams following Day 2 of SecureWorld! Watch all the tournament games on multiple TVs. Food and beverages will be served.
    RSVP (Space is limited)

Exhibitors
  • AccessIT Group
    Booth: 10

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Arctic Wolf Networks
    Booth: 13

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Aqua Security
    Booth: 33

    Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines. Aqua bridges the gap between DevOps and security, promoting business agility and accelerating digital transformation.

    Aqua’s Cloud Native Security portfolio provides full visibility and security automation across the entire application lifecycle and infrastructure, using a modern zero-touch approach to detect and prevent threats while simplifying regulatory compliance. Aqua customers include some of the world’s largest financial services, software development, internet, media, hospitality and retail companies, with implementations across the globe spanning a broad range of cloud providers and on-premise technologies.

  • Armis, Inc
    Booth: 20

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • ASIS Greater Philadelphia
    Booth:

    ASIS International is the preeminent organization for security professionals, with more than 38,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests.

  • BitSight
    Booth: 31

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third-party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter.

  • BlackBerry Cylance
    Booth: 37

    BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.

  • Check Point Security
    Booth: 50

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cloud Security Alliance – Delaware Valley Chapter
    Booth:
  • Corelight
    Booth: 34

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com 

  • CrowdStrike
    Booth: 9

    CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

    With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform. There’s only one thing to remember about CrowdStrike: We stop breaches. Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial. Learn more: https://www.crowdstrike.com/

  • CyberArk Software
    Booth: 16

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • Cybereason
    Booth: 54

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Darktrace
    Booth: 27

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,000 organizations to protect against threats to the cloud, email, IoT, networks and industrial systems.

    The company has over 1000 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • deepwatch
    Booth: 51

    deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry. Designed to be different, deepwatch provides customers with world-class managed security services and unrivaled value by extending their cybersecurity teams, curating leading technologies into deepwatch’s cloud SecOps platform, and proactively driving their SecOps maturity.

  • Delta Risk
    Booth: 18

    Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.

  • DeSales University Cyber Security Program
    Booth: 26

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • Digital Shadows
    Booth: 35

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand and reputation.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Electronic Crimes Task Force
    Booth:

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • Eurofins Cybersecurity
    Booth: 19

    Eurofins Scientific through its subsidiaries (hereinafter sometimes “Eurofins” or “the Group”) believes it is the world leader in food, environment and pharmaceutical products testing and in agroscience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, advanced material sciences and for supporting clinical studies. In addition, Eurofins is one of the key emerging players in specialty clinical diagnostic testing in Europe and the USA. With about 45,000 staff in more than 800 laboratories across 47 countries, Eurofins offers a portfolio of over 200,000 analytical methods for evaluating the safety, identity, composition, authenticity, origin and purity of biological substances and products, as well as for innovative clinical diagnostic. The Group objective is to provide its customers with high-quality services, accurate results on time and expert advice by its highly qualified staff.

  • F5
    Booth: 49

    F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.

  • Fidelis Cybersecurity
    Booth: 23

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

    By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

  • FireMon
    Booth: 56

    FireMon is at the forefront of the security management category, delivering first-ever functionality such as firewall behavior testing, workflow integration, traffic flow analysis and rule recertification. Our solutions have helped more than 1,500 organizations around the world gain visibility into and control over their complex network security infrastructures.

  • ForeScout Technologies, Inc.
    Booth: 47

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • Gigamon
    Booth: 48

    Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that helps make threats more visible across cloud, hybrid and on-premises environments, deploy resources faster and maximize the performance of security tools.

  • Global Cyber Alliance
    Booth:

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • Gradient Cyber
    Booth: 25

    We uniquely visualize an organization’s cybersecurity risks, reduce logs and alert noise to actionable insights and establish a cyber health roadmap for immediate value and long term improvements to its security posture.

  • GuidePoint Security LLC
    Booth: 51

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Delaware Valley Chapter
    Booth:

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • InfraGard Philadelphia
    Booth:

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • Insight’s Cloud + Data Center
    Booth: 44

    Insight’s Cloud + Data Center Transformation is a complete IT services and solution provider that helps organizations transform technology, operations, and service delivery to meet challenges and future-proof the business. As a client-focused integrator, we’re free to recommend the most appropriate solutions — across cloud, IT transformation, next-generation technology, and security.

  • ISACA Philadelphia
    Booth:

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • (ISC)²
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA Delaware Valley
    Booth:

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • Kenna
    Booth: 57

    Kenna was built on the premise that cyber risk must be managed as an enterprise-wide effort. We believe cyber risk can only be effectively mitigated when the whole organization works as one, focused in the same direction and on the right target.

  • Lacework
    Booth: 8

    Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.

  • Mimecast
    Booth: 28

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Okta
    Booth: 14

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 42

    The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

  • OWASP
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Philadelphia Women in Cybersecurity Group
    Booth:

    Women make up only 11% of the cyber security workforce. With such low representation, it is essential that we advocate for and assist women as they navigate through the cyber security industry.
    Philadelphia Women & Cyber Security’s Mission:
    To provide opportunities to advance careers for professionals in Cyber Security through education, mentoring, and networking. A supportive community for women in cyber security that works to promote and encourage women to develop their careers. We are open to any support for our mission from any gender.
    Come to the next Philadelphia Women and Cyber Security’s event to get to know other like-minded, female cyber security professionals in the area. We will discuss industry best practices, the latest security trends and solutions, and share lessons we’ve learned over the years.

  • Proofpoint
    Booth: 15

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Rapid7
    Booth: 17

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Recorded Future
    Booth: 53

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • RedSeal
    Booth: 59

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • ReliaQuest
    Booth: 29

    ReliaQuest fortifies the world’s most trusted brands against cyber threats with its platform for proactive security model management. Acting as a force multiplier on an organization’s existing cybersecurity investments, only ReliaQuest’s GreyMatter integrates disparate technologies to provide a unified, actionable view that fills the gaps in enterprise security programs.

  • SailPoint
    Booth: 16

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SentinelOne
    Booth: 30

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • Snyk
    Booth: 36

    Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.

  • Sumo Logic
    Booth: 60

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Synopsys
    Booth: 43

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 38

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Tevora
    Booth: 73

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Thycotic
    Booth: 58

    Thycotic empowers more than 10,000 organizations around the globe, from small businesses to the Fortune 500, to protect privileged accounts. We make enterprise-level privilege management accessible for everyone by eliminating dependency on complex security tools and prioritizing productivity, flexibility and control. You’ll achieve more with Thycotic, even in your first 30 days, than with any other privilege security tool.

  • Trend Micro
    Booth: 45

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Varonis
    Booth: 7

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Vectra
    Booth: 52

    Vectra® is transforming cybersecurity by applying advanced AI to detect and respond to hidden cyberattackers before they can steal or cause damage. Powered by AI, Vectra and its flagship Cognito® platform enable the world’s most consequential organizations to automatically detect cyberattacks in real time and empower threat hunters to perform highly conclusive incident investigations. Vectra reduces business risk by eliminating security gaps in cloud, data center and enterprise environments.

  • Women in CyberSecurity (WiCyS)
    Booth:

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Keynote Speakers
Speakers
  • Marc Tabago
    Solutions Engineer, Trend Micro

    As a Solutions Engineer, Marc Tabago works with enterprises to solidify and strengthen their digital security policies against malicious threat actors. However, he believes that having a concrete digital security posture starts at the use case level, driven and experienced by its users and not simply read off a PowerPoint slide. Once the dust settles and final scores are tallied, Marc hopes that participants leave the Threat Defense Challenge with a greater understanding of how to best secure a rapidly changing threat landscape (but he knows a prize would be pretty good, too).

  • Kai Pfiester
    Founder & Chief Security Architect, Black Cipher Security
  • Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a boutique international cybersecurity and data privacy law firm, and certified Women-Owned. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations, the GDPR, and the CCPA. Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • Chris Shull
    CISO, Salem Medical Center

    Chris Shull, CISSP, CIPP/E, CIPP/US, CIPM, FIP -- I am vCISO for Salem Medical Center and vCISO and vDPO for several other organizations. I make information security and privacy understandable, leading and transforming Information Security and Privacy Programs to meet regulatory, customer and real-world requirements. I have more than 25 years’ experience delivering, implementing and managing private, public and hybrid cloud-based systems, and have led InfoSec teams from both the vendor and company sides using ISO, NIST and other frameworks for SOC2, HIPAA, PCI/DSS, DFS/500, GDPR and CCPA compliance. Clients include Conair, Taiho Oncology, Versum Materials and Weichert.

  • Sandy Bacik
    Sr. Compliance & Cybersecurity Auditor, Bacik Enterprises

    Sandy Bacik, CipherTechs Director Audit & Compliance, has over 20 years’ information protection experience in the areas of IT Audit/Compliance, BCP/DR, Incident Response, Physical security, Privacy, Policies/Procedures, Operations, and Management. She has managed, architected and implemented information assurance programs in a variety of environments and developed methodologies for assessments, audits, and security policy writing. She has performed and managed engagements for a variety of assessment types to ensure corporate compliance. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is an author and a member of the SecureWorldExpo Advisory Council.

  • Vana Khurana
    Cloud Security Architect, The Vanguard Group

    Vana Khurana, Cloud Security Architect, The Vanguard Group, CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC and TOGAF certified. Director of Training and Board Member of Cloud Security Alliance Delaware Valley Chapter. Also, an Adjunct Faculty at Temple University, Philadelphia.

  • James Goepel
    Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body

    James Goepel is Treasurer and Member, Board of Directors for the CMMC-AB. He is also an adjunct professor of Cybersecurity at Drexel University and CEO of Fathom Cyber, a trusted agent for senior management and developer of defensible cybersecurity strategies. Jim earned his BSECE from Drexel and his JD and LLM degrees from George Mason University. He worked in the IT and security industries for nearly two decades, including as a Network Administrator for the US House of Representatives and as a lawyer and technologist for a wide range of cybersecurity companies, including system developers, research institutions, and software vendors.

  • Mark Eggleston
    VP, Chief Information Security and Privacy Officer, Health Partners Plans
  • John Grim
    Head | Research, Development, Innovation, Verizon Threat Research Advisory Center

    John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.

  • Jeremy Castleman
    Cloud Security Specialist, Check Point Software Technologies

    Jeremy Castleman is the Cloud Security Specialist supporting the Cloud Team for Check Point Software Technologies. Jeremy brings 15 years of experience in technology sales, marketing, business development and cloud migration services in the partner ecosystem. He has worked in multiple countries around the world, in various markets, and across verticals, which provides Cybersecurity insights in the changing digital landscape. He has contributed to cloud security road shows, boot camps, podcasts, partner trainings, and has been a featured speaker at numerous industry trade shows and conferences.

  • Bryan Orme
    Principal & Partner, GuidePoint Security

    Bryan Orme leads the Information Assurance consulting organization, which includes Application Security, Cloud Security, Governance, Risk, and Compliance Services, Threat and Attack Simulation, Incident Response and Forensics. Additionally, Bryan leads the internal IT and Information Security teams as well as the Project Management Office and Services Operations. Bryan also serves on the Board of Directors of deepwatch, a Managed Security Services Provider. Since 2001, his primary focus has been on designing and implementing comprehensive Information Security programs and assisting clients with building business-aligned Information Security programs to mitigate risks associated with today’s increasingly sophisticated array of threats. Bryan has extensive backgrounds in multiple disciplines within Information Security, including Security Program Strategy, Application Security, Penetration Testing, PCI DSS, Incident Response and Forensics, and Vendor Management. Prior to joining GuidePoint, Bryan was the Director of Information Security for Capital One. His accomplishments there included building and leading the Application Security, Vendor Management, and PCI DSS Programs. He is a frequent speaker at industry conferences including OWASP, SecureWorld, HP Protect, ISSA, ISACA, and HIMSS on a wide array of Information Security topics. Bryan also served as a member of multiple Special Interest Groups of the PCI Security Standards Council. He earned a Bachelor’s degree from James Madison University and an MBA from the Robert H. Smith School of Business at the University of Maryland. Bryan holds QSA, CISSP, and CISM certifications.

  • Ernest Dunn
    Regional Partner – Mid Atlantic, GuidePoint Security
  • Sunny Notani
    Special Agent, United States Secret Service

    Sunny Notani has worked as a Special Agent for the United States Secret Service for 18 years. SA Notani was initially assigned to the New York Field Office (NYFO) for eight years. During his time in the NYFO, SA Notani specialized in Financial Institution Fraud, Electronic Crimes, Network Intrusions, and Social Engineering. SA Notani was assigned to the Vice Presidential Protection Detail (VPD) for six and a half years. During his time on VPD, SA Notani conducted over 20 high-profile protection lead advances for the Vice President. Currently, SA Notani is the Program Manager for the Philadelphia Electronic Crimes Task Force.

  • Will Mishra
    Cybersecurity Manager, Darktrace

    Will Mishra is a Cyber Security Manager at Darktrace, the world’s leading machine learning company for cyber defense. He has worked extensively with clients across numerous industry verticals, from financial services to manufacturing, helping them deploy Darktrace’s Enterprise Immune System, the only AI technology capable of detecting and autonomously responding to early-stage cyber-threats. Mishra graduated with a bachelor’s degree from Washington University in St. Louis and is based out of Darktrace’s New York City office.

  • Gabriel Doncel
    Director, Information Security, Drexel University

    Gabriel Doncel joined Drexel University in 2019, where he is currently Director of Information Security. He is also part of the University of Delaware and Wilmington University Adjunct Faculty. As a member of the Information Security team at Drexel, and working closely with the campus community and outside parties, his focus is to protect the people, information and systems of Drexel University. Prior to joining Drexel, Gabriel was Cybersecurity Resiliency Program Manager at Christiana Care Health System. He earned a Bachelor of Science degree in Computer & Network Security from Wilmington University, a Master of Science degree in Information Systems and Technology Management, and a Master in Business Administration, both from the University of Delaware. His certifications include CISSP as well as C|CISO.

  • Moderator: Rosemary Christian
    Founder & President, Philadelphia Women and Cyber Security

    Rosemary Christian is the founder and president of Philadelphia Women & Cyber Security. She has worked in the cybersecurity industry for the last 3 years at AccessIT Group, assisting customers with evaluations of their current cybersecurity programs to help them mature their overall security posture. She has a demonstrated passion, knowledge and proven ability to engage others in the emerging market needs for cyber security initiatives.

  • Christina Griffin
    IT Security and Risk Manager, Chatham Financial

    Christina Griffin is a cybersecurity professional specializing in risk management and information security. She holds an MBA and a master’s in information technology leadership, and has a CISSP certification. She has professional experience in both the higher education and finance industries and is currently employed as an IT Risk and Security Manager at Chatham Financial. As a member of the Philadelphia Women in Cybersecurity, she is currently on the board as the communications chair.

  • Devon Campbell
    Digital Forensic Examiner, TransPerfect Legal Solutions

    Devon Campbell is a Digital Forensic Examiner at TransPerfect Legal Solutions in the Forensic Technology and Consulting division. Devon has experience conducting forensic examinations of mobile devices, computers, social media data, cloud-based data, and email data. Prior to joining TransPerfect Legal Solutions, Devon earned her Master's degree in Digital Forensics from DeSales University, then went on to work as a Digital Forensic Examiner with the Philadelphia District Attorney’s Office and the Lehigh County District Attorney’s Office. In these roles, Devon actively analyzed and investigated digital devices of evidentiary value related to active investigations and cases held for court. Devon is considered an expert witness in matters relating to digital forensics. She has testified in numerous court cases involving digital evidence. Devon instructed various digital forensics courses at the graduate and undergraduate level at DeSales University. Now, Devon brings her experience to her role as a member of the TransPerfect Forensic Technology and Consulting team.

  • Larry Snyder
    Associate Professor, Bloomsburg University of Pennsylvania

    Professor Larry Snyder has nearly two decades of experience in law enforcement, fraud, and auditing in the US Army and a variety of industries, and 15 years in the field of cybersecurity education. Larry believes that cybersecurity strategists must have a broad understanding of the cyber issues facing organizations, as well as the skills needed to deter cybercrimes. Systems, processes, and all of the people within an organization must be managed holistically and diligently to minimize risks and optimize responsiveness.

  • Kai Pfiester
    Founder & Chief Security Architect, Black Cipher Security
  • Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a boutique international cybersecurity and data privacy law firm, and certified Women-Owned. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations, the GDPR, and the CCPA. Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • Chris Shull
    CISO, Salem Medical Center

    Chris Shull, CISSP, CIPP/E, CIPP/US, CIPM, FIP -- I am vCISO for Salem Medical Center and vCISO and vDPO for several other organizations. I make information security and privacy understandable, leading and transforming Information Security and Privacy Programs to meet regulatory, customer and real-world requirements. I have more than 25 years’ experience delivering, implementing and managing private, public and hybrid cloud-based systems, and have led InfoSec teams from both the vendor and company sides using ISO, NIST and other frameworks for SOC2, HIPAA, PCI/DSS, DFS/500, GDPR and CCPA compliance. Clients include Conair, Taiho Oncology, Versum Materials and Weichert.

  • Moderator: Scott Laliberte
    Chapter President, ISSA Delaware Valley Chapter

    Scott Laliberte, President of ISSA Delaware Valley Chapter for over 10 years, has grown the chapter significantly by creating a collaborative community for Cyber Security professionals to share their knowledge and experience and satisfy their CPE needs. Scott also leads Protiviti’s Emerging Technology practice where he enables clients to leverage emerging technologies to solve complex business problems and manage risk. His team specializes in many technology areas including Artificial Intelligence (AI) and Machine Learning, Internet of Things (IoT), Cloud, Blockchain, and Quantum Computing. In previous roles, Scott was the Global leader of Protiviti’s Cyber Security Practice.

  • Happy Hour
  • Vana Khurana
    Cloud Security Architect, The Vanguard Group

    Vana Khurana, Cloud Security Architect, The Vanguard Group, CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC and TOGAF certified. Director of Training and Board Member of Cloud Security Alliance Delaware Valley Chapter. Also, an Adjunct Faculty at Temple University, Philadelphia.

  • Daniel Pepper
    Partner, BakerHostetler

    Dan Pepper is a partner on BakerHostetler's Privacy and Data Protection team. Utilizing 25 years of comprehensive experience in information technology, data privacy, and cybersecurity law, Dan advises clients on proactive data security practices, data breach incident response, and regulatory compliance. He frequently handles security incidents and has interacted with federal and state agencies and forensic service providers, overseen investigations, and designed post-incident response notification and remediation plans.

  • Joshua Cloud
    Director of Information Security, NFI

    Joshua Cloud is currently serving as the director of information security for NFI. He has over 20 years of infrastructure and security leadership experience spanning professional services, manufacturing, retail, and logistics industries in countries all over the world. Cloud is a transformational security leader with a business focus who evangelizes the value of pragmatic cyber risk management and executive alignment. He currently leads a team of security professionals at the new NFI headquarters on the Camden, NJ, waterfront.

  • Phil Curran
    CISO & CPO, Cooper University Health Care

    Phil Curran has more than 25 years of experience in information security and privacy in the military, government and private sectors. As the Chief Information Assurance Officer and Chief Privacy Officer at Cooper University Health Care in Camden NJ, he is responsible for managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, privacy and security investigations, business continuity, and awareness and training. He has served on the Health Information Trust Alliance (HITRUST) task force to integrate privacy controls in the Common Security Framework and the development of the ISC2 Health Care Information Security and Privacy Practitioner. Phil serves on the Executive Committee for Secure World – Philadelphia and the Philadelphia and New Jersey Chapters of the CISO Executive Network. He has spoken on Information Security and Privacy issues at Secure World and HIMSS Privacy and Security.

  • Adam Karcher
    Cyber Special Agent, FBI

    Special Agent Adam Karcher has been with the FBI for over 16 years running cyber investigations and operations across the full spectrum of criminal and national security programs. SA Karcher's experience spans local field investigations to national and international strategic engagement against the most sophisticated cyber threats. His current assignment focuses on field investigations of emerging threats in the cyber domain. SA Karcher’s most recent FBI Headquarters assignment was as the Deputy Director of the Office of Data Exploitation at the National Cyber Investigative Joint Task Force. Prior to joining the FBI, SA Karcher worked in the Biotechnology sector.

  • Justin Bourgeois
    Sales Engineer, Mimecast

    Justin Bourgeois is a Solution Engineer at Mimecast. He has a background in implementation project management and IT consulting, and has spent his off time programming as a hobby. Justin’s main responsibility is educating people about the ever-evolving threat landscape that threatens not only their infrastructure but also their partners and the global community at large.

  • Moderator: Boris Vishnevsky
    Board Member and Technology Strategist, Cloud Security Alliance - Delaware Valley (CSA-DV)

    Boris Vishnevsky, MBA, CISSP, DIA, is a board member and advisor of the Cloud Security Alliance - Delaware Valley Chapter and a Distinguished IT Architect of the Open Group. He is a frequent speaker and presenter, taking part in review panels and advising innovative Cyber Security Companies. Mr. Vishnevsky is a solutions principal advising companies on cybersecurity, complex solutions, and global cloud transformation initiatives. He has led large-scale system modernization, cloud transformation, and technology innovations at IBM, where he developed many state-of-the-art cloud-based AI-Assisted cybersecurity, public safety, and counter fraud solutions. Mr. Vishnevsky also serves as an Adjunct Professor at Thomas Jefferson University, where he is teaching enabling technologies for a Digital Transformation course as part of the Doctorate Program in Strategic Leadership.

  • Joan Antokol
    Partner, Park Legal LLC

    Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.

  • Nancy Hunter
    VP & CISO, Federal Reserve Bank of Philadelphia

    Nancy Hunter is the VP, CISO and Data Privacy Security Officer at the Federal Reserve Bank of Philadelphia. With more than 25 years of experience in technology, including 15 years in Information Security, Nancy joined the Federal Reserve Bank in 2017, where she is accountable for Information Security Operations and Consulting, Information Risk Management, and Records Management, guides the implementation of the Bank’s data and system privacy program, and serves as Bank representative in System data privacy policy setting. Nancy is certified in Risk and Information Systems Controls (CRISC) and holds a B.A. in Mathematics from Temple University.

  • Donna Ross
    SVP & CISO, Radian Group
  • Tammy Klotz
    CISO, Versum Materials

    Tammy Klotz is the Chief Information Security Officer for Versum Materials. She is responsible for the Cyber Security Program at Versum which includes Information Risk Management, Plant Cyber Security as well as IT Security, Risk & Compliance activities.
    Ms. Klotz has been with Versum since their start-up in October 2016 and was responsible for standing up all security services required for the new company as part of their spin-off from Air Products & Chemicals. Versum is a $1.3B global electronic materials company with manufacturing operations in 14 facilities across North America & Asia. Prior to her role at Versum, Tammy worked at Air Products & Chemicals for 25 years in a variety of leadership roles. Highlights of her Air Products career include IT Communications, Service & Business Relationship Management, global leadership of multiple IT support teams and IT Audit Manager.
    Ms. Klotz is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and is also Certified in Risk and Information Systems Control (CRISC). She is a Governing Body Member of the Philadelphia Chapter of Evanta, participates in Delaware Valley Cloud Security Alliance activities and is involved with the Philadelphia Women & Cyber Security group. Tammy is also a 2019 Nominee for T.E.N Information Security Executive® of the Year.

  • Michael Meyer
    Chief Risk and Innovation Officer, MRS BPO, LLC

    Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.

  • Ken Pyle
    Partner, Information Security, DFDR Consulting

    Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance, and exploit development. Ken has published exploit research and vulnerabilities for a large number of companies, including Dell, Cisco, Sonicwall, Sage Software, and DATTO. Ken’s academic work includes social engineering research, election interference, application of sociology and psychological factors to phishing campaigns, and technical work on next generation attacks.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes