Open Sessions
Conference Pass
SecureWorld Plus
VIP / Exclusive
- Wednesday, April 19, 20237:30 amRegistration openRegistration Level:
Open Sessions
7:30 am - 4:30 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Cybersecurity and Risk Economics: Part 1Leader in Cybersecurity Strategy, Innovation, and EconomicsRegistration Level:SecureWorld Plus
7:30 am - 9:00 amThis PLUS Course will cover cyber metrics; cyber risk quantification; efficacy (effectiveness) / efficiency ; resource allocation/management; and more.7:30 am[PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 1An Overview of US and Global Privacy LawsCyber Attorney, Global Leader of Privacy Practice Group, Octillo LawRegistration Level:SecureWorld Plus
7:30 am - 9:00 amThis SecureWorld PLUS course will focus on key privacy laws and concepts, and how to implement privacy into your organization. The main components that the course will cover include:
- Overview of US and Global Privacy Laws
- Building an Effective and Practical Privacy and Security compliance program
- Creating a process to respond to data subject rights
- Addressing key privacy concepts: data minimization, privacy by design, data protection impact assessments, responding to privacy breaches.
Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and information security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions that address legal requirements while also allowing a business to innovate and evolve. These changing privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.
Often, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. However, companies that are operationalizing privacy and information security within their organizations are able to address these evolving legal requirements while balancing growth and new opportunities. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate privacy and security within their operations so that the law can work hand-in-hand with the business, and not become a barrier for the businesses growth and evolution.
The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.
Session 1 of the course will start with an overview of general privacy and security legal and policy principles, and then will focus on the key laws and regulatory decisions that are pushing the privacy and security legal landscape, including the European Union’s General Data Protection Regulation (“GDPR”), the Federal Trade Commission (“FTC”) rules and regulations, the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and the various U.S. state privacy laws. Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that
incorporate privacy and security requirements.8:00 amExhibitor Hall openRegistration Level:Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:00 am - 8:50 amParticipating professional associations and details to be announced.
8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)VP & CISO, Global Infrastructure and Security Solutions, TE ConnectivityRegistration Level:VIP / Exclusive
8:00 am - 8:50 amThis roundtable discussion is for our Advisory Council members only.
9:00 am[Opening Keynote] Threats to National Security in CyberspaceJIOC Commander, United States Cyber CommandRegistration Level:Open Sessions
9:00 am - 9:45 amAs 2022 was a record-breaking year with the volume of cyberattacks, data breaches, and phishing scams on the rise, there was also an increase in state-sponsored hacktivism cases. In her keynote, Col. Candice Frost covers known hacking groups, their methods, motivations, and relationship to greater geopolitical developments. Col. Frost covers state-affiliated threats, while also touching other adjacent realms of the cyberthreat ecosystem, such as ransomware, DDoS attacks, and stolen information. In addition, she covers critical infrastructure, election security, and the security of local and state governments.9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:15 amIncident Response: How to Triage Real and False AlarmsCISO, ActBlue Technical ServicesRegistration Level:Conference Pass
10:15 am - 11:00 amSession description coming soon.
10:15 am[SentinelOne] The Future of Cybersecurity Is AutonomousRegistration Level:Open Sessions
10:15 am - 11:00 amSession description coming soon.
11:10 am[Panel] There’s a Bad Moon on the Rise – Are You Ready?Identifying the Current Threat LandscapeRegistration Level:Open Sessions
11:10 am - 11:55 amLike the main character in the 1981 horror movie, An American Werewolf in London, cybercriminals continue to morph into something evil, lurking in the night (and day) to cause harm to people, organizations, and governments. Cue the Creedence Clearwater Revival song, Bad Moon Rising.
The cybersecurity community is smart and more than capable of thwarting bad actors, fangs and all. They have tools, technologies, partnerships across private and public entities, and solution vendors to help them along the way. Don’t forget about the consultants working hard to stay ahead of those wanting to do harm, as well.
Hear our panelists’ views on the current threat landscape, solutions they have to offer, and ideas they have for turning a bad moon into a harvest moon.
11:10 amSmall but Mighty: Building the Next Generation of Cybersecurity Professionals with Limited ResourcesFounder & Executive Director, Cybersecurity Gatebreakers FoundationRegistration Level:Conference Pass
11:10 am - 11:55 amThere are simply not enough people in the field of information security. According to the U.S. Department of Commerce, there are over half a million unfilled cybersecurity jobs in the U.S. Around the world, that number swells to an estimated 3.5 million jobs unfilled.Unfortunately, business leaders are constrained in their investment in the next generation of security professionals; security is, ultimately, a cost center. How then, with our limited budgets, time, and energy, can leaders build the next generation of cybersecurity professionals? After all, the cybersecurity professionals that we hire and train today will be the grizzled veterans that we need in the future.This session tackles practical tips and industry-proven methods for finding, training, and benefiting from incredible junior-level cybersecurity professionals for your growing information security team.11:10 amBEC Attacks: The Stealthiest and Most Lucrative ThreatRegistration Level:Open Sessions
11:10 am - 11:55 am12:00 pm[Lunch Keynote] Transforming Information Security for Businesses of All SizesCTO, Center for Internet SecurityRegistration Level:Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterIn order to combat cyber threats for organizations of all sizes and the supply chain, how information security is delivered and managed requires transformation. The burden of securing systems and networks has long been placed on the end organization, resulting in a distributed management requirement that does not scale. Requirements placed on the end organization exacerbate the burden, whereas “shift left,” setting requirements on the vendor, can alleviate it. Industry has a unique opportunity to aid a positive transformation to better scale security for solutions, with an aim towards improving the overall security posture and reducing the security professional deficit. Innovation to deploy security following scalable architectural patterns for security management is paramount.
12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)Registration Level:VIP / Exclusive
12:00 pm - 12:45 pmAdvisory Council – VIP / INVITE ONLY
12:45 pmNetworking BreakRegistration Level:Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
1:15 pm[Panel] Hitting the Right Note with Your Network SecurityDeveloping an Incident Response PlanRegistration Level:Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterA new attack vector (or two or eight) is identified daily, and who knows what is coming down the pike from those with nefarious intentions. How do cybersecurity professionals keep up and strike the right note in their symphony of defenses? Cybersecurity teams must have solid Incident Response (IR) plans in place to mitigate these attacks.
Our panel of experts reveals the instruments—tools, technologies, and systems—they have to offer so that cybersecurity band members are all playing the same tune on behalf of their organizations. They’ll identify current threats and solutions for each so public and private entities have an IR plan that balances defense and offense, creating a beautiful song.
1:15 pmBenchmarking Your Cybersecurity FrameworkRegistration Level:Conference Pass
1:15 pm - 2:15 pmMeasuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.
2:15 pmNetworking BreakRegistration Level:Open Sessions
2:15 pm - 2:30 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
2:30 pmPost-Incident: What Would We Have Done Differently?CISO, Flagship Credit AcceptanceRegistration Level:Conference Pass
2:30 pm - 3:15 pmIncidents don’t have to be major headline makers to significantly alter the security posture of an organization. Bryan Bechard will walk through how an attacker got into his company’s system, what they did while they were in, and he and his team’s reaction to it. Now with time to look back, Bechard reviews what the business would have done differently to reduce the impact and react faster.2:30 pmBarCode Podcast Recording: CISOs Riff on the Latest in CybersecurityFounder, BarCodeRegistration Level:Open Sessions
2:30 pm - 3:15 pmJoin this live recording of the BarCode podcast, a happy hour-style audio engagement that “sits at the intersection of cybersecurity and bar room banter.” Host and Founder Chris Glanden will interview SecureWorld Philadelphia speakers and guests throughout the session, and include Q&A from the audience, for a recording that will air the week following the conference.3:15 pmNetworking BreakRegistration Level:Open Sessions
3:15 pm - 3:45 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
3:45 pmCybersecurity as a Business DriverRegistration Level:Open Sessions
3:45 pm - 4:30 pmSavvy would-be customers be research companies and typically prefer to do business with those who have good cyber hygiene. How can a strong security posture be a business driver for your organization?
3:45 pm[PLUS Course] Cybersecurity and Risk Economics: Part 2Leader in Cybersecurity Strategy, Innovation, and EconomicsRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmThis PLUS Course will cover cyber metrics; cyber risk quantification; efficacy (effectiveness) / efficiency ; resource allocation/management; and more.3:45 pm[PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 2Building an Effective and Practical Data Privacy and Information Security ProgramCyber Attorney, Global Leader of Privacy Practice Group, Octillo LawRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmSession 2 will focus on the key components of an effective and practical data privacy and information security compliance program. This session will include an overview of key compliance documentation, including policies, procedures, and supporting documentation. We will discuss how to build a program that addresses the regulatory and legal requirements, while also balancing your business’ unique infrastructure and organization.
- Thursday, April 20, 20237:30 amRegistration openRegistration Level:
Open Sessions
7:30 am - 4:30 pmLocation / Room: Registration Desk / LobbyCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Cybersecurity and Risk Economics: Part 3Leader in Cybersecurity Strategy, Innovation, and EconomicsRegistration Level:SecureWorld Plus
7:30 am - 9:00 amThis PLUS Course will cover cyber metrics; cyber risk quantification; efficacy (effectiveness) / efficiency ; resource allocation/management; and more.7:30 am[PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 3Operationalizing Your Data Privacy and Information Security ProgramCyber Attorney, Global Leader of Privacy Practice Group, Octillo LawRegistration Level:SecureWorld Plus
7:30 am - 9:00 amIn Session 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.
8:00 amExhibitor Hall openRegistration Level:Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:00 am - 8:50 amParticipating professional associations and details to be announced.
8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)Registration Level:VIP / Exclusive
8:00 am - 8:50 amThis roundtable discussion is for our Advisory Council members only.
9:00 am[Opening Keynote] Managing Through Transition: Merging People and TechnologiesCISO, CSCRegistration Level:Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterSession description coming soon.
9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:15 amUnderstaffed and Under PressureVP, Information Security, Penn EntertainmentRegistration Level:Conference Pass
10:15 am - 11:00 amStaffing challenges continue to be a pain point for CISOs as they work to build – and keep – teams while staying on top of an ever growing threat landscape.
The digital world continues to change and grow, companies continue to become more agile, and the speed of delivery continues to increase. Those are just the tip of the iceberg for security leaders when it comes to building and keeping security teams. Lets talk about those challenges and more as we walk through the different options we have as security leaders to build the best team possible.
10:15 amSecuring the Supply ChainRegistration Level:Open Sessions
10:15 am - 11:00 amA discussion of managing third-party risk and how to manage expectations and contracts with vendors.
11:10 am[Panel] Lucy in the Cloud with DiamondsSecuring Your Cloud EnvironmentRegistration Level:Open Sessions
11:10 am - 11:55 amCan you “imagine” if The Beatles, when first starting out, had to deal with having their catalog of music hacked, stolen, and held for ransom simply because it was in an unsecure cloud setting? While it is possible for that to happen with their hit-laden collection of songs today, it’s merely a tiny example of how businesses operate at a minimum in a hybrid cloud environment—many in a cloud-only platform.
With that comes security issues and another major area which cybersecurity professionals must work diligently to protect.
Our panel of experts share the good, the bad, and the ugly of operating in a cloud environment, what it takes to make the move to hybrid or multi-cloud successful, how to protect data from insider and outsider threats, and what it takes to provide the support DevOps teams need.
11:10 am[Panel] Protecting Against OT and IoT ThreatsCISO, CovantaRegistration Level:Conference Pass
11:10 am - 11:55 amSession description coming soon.
11:10 amSecuring Your Sensitive Assets in a Cloud-First WorldRegistration Level:Open Sessions
11:10 am - 11:55 amKey take-away:
How to rethink database security controls in a cloud-first world.For most organizations, data repositories hold our most sensitive, mission critical assets. As enterprises continue their digital transformation journeys, data repositories and the sensitive assets within are more exposed than ever before for several reasons, including a dramatic rise in the:
- Amount of data created, collected, and stored
- Number of repositories storing sensitive data across clouds
- Number of users and applications that need access to data
12:00 pm[Lunch Keynote] CISO Panel: Identifying the Next Transformation Cybersecurity Professionals Face and Remaining ResilientVP & CISO, Global Infrastructure and Security Solutions, TE ConnectivityRegistration Level:Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterSession description coming soon.
12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)Registration Level:VIP / Exclusive
12:00 pm - 12:45 pmAdvisory Council – VIP / INVITE ONLY
12:45 pmNetworking BreakRegistration Level:Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
1:15 pm[Panel] I Can See Clearly Now, the Threats Are GoneThreat Intelligence: The State of InfoSec TodayRegistration Level:Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterZero Trust is considered by many to be a marketing buzzword, but what it really alludes to is having good, basic cybersecurity hygiene. It’s what any cybersecurity professional worth their salt has been doing, and does, daily. Ransomware, phishing, and BEC grab the headlines, but your run-of-the-mill cyberattacks can’t be ignored because of the shiny new thing garnering all the attention.
The CISO is like a musical conductor that must pay attention to all the resources at his or her disposal—be it people, tools, technologies, systems, and more. How is the organization handling security awareness training? What about staffing shortages affecting the organization, or even the vendors with which CISOs and their teams work?
Join our expert panel as they provide insights and takeaways on the state of the information security profession today, including tips for seeing clearly and staying ahead of threats.
1:15 pmRansomware: How to Stay out off the Front PagesRegistration Level:Open Sessions
1:15 pm - 2:15 pm2:15 pmNetworking BreakRegistration Level:Open Sessions
2:15 pm - 2:30 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
2:30 pmSecurity Awareness: Engaging People and Tracking the Right MetricsAssociate Director, Security Operations & Engineering, Spring HealthRegistration Level:Conference Pass
2:30 pm - 3:15 pmSession description coming soon.
2:30 pmBest Practices for InfoSec TeamsRegistration Level:Open Sessions
2:30 pm - 3:15 pmSession description to come.
3:15 pmNetworking Break and Dash for PrizesRegistration Level:Open Sessions
3:15 pm - 3:45 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pmTransitioning from CISO to CIO: What Changes?CIO, Morgan, Lewis & Bockius LLPRegistration Level:Conference Pass
3:45 pm - 4:30 pmA talk with Steve Naphy, CIO of Morgan Lewis, about his move from head of InfoSec to Chief Information Officer.
3:45 pmGoing Passwordless: Authentication Fact or Fiction?Registration Level:Open Sessions
3:45 pm - 4:30 pmAre your internal customers tired of passwords? Are you tired of easily breaking their passwords? Well, look no further. Passwordless authentication is upon us and can be achieved for multi-factor authentication (MFA), while making our internal customers happy. How is this possible? Come and listen with your colleagues as I share how we rolled it out, describe the lessons learned, and share who the players are.
Passwords are one of the most loathed controls in the wild. If you can’t beat ’em, join ’em. Learn who the passwordless alphas are and the lessons learned to achieve a win-win strategy within your company.
Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)
3:45 pm[PLUS Course] Cybersecurity and Risk Economics: Part 4Leader in Cybersecurity Strategy, Innovation, and EconomicsRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmThis PLUS Course will cover cyber metrics; cyber risk quantification; efficacy (effectiveness) / efficiency ; resource allocation/management; and more.3:45 pm[PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 4Operationalizing Your Data Privacy and Information Security ProgramCyber Attorney, Global Leader of Privacy Practice Group, Octillo LawRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmIn Session 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.
- Critical StartBooth: TBD
Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.
- Qualys, Inc.Booth: TBD
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.
- ReliaQuestBooth: TBD
ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, anytime of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.
- SentinelOneBooth: TBD
SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.
- ThreatLockerBooth: TBD
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- WithSecureBooth: TBD
WithSecure™ (formerly F-Secure Business) is cybersecurity’s reliable partner. IT service providers, MSSPs and businesses—along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers—trust us for outcome-based cybersecurity that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. WithSecure™ is part of F-Secure Corporation, founded in 1988, and listed on NASDAQ OMX Helsinki Ltd.
- Pete Lindstrom, InstructorLeader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has an extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Jordan Fischer, InstructorCyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.
Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.
- Todd Bearman, ModeratorVP & CISO, Global Infrastructure and Security Solutions, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Col. Candice E. FrostJIOC Commander, United States Cyber Command
Candice E. Frost is the Joint Intelligence Operations Center Commander at the United States Cyber Command. As the commander, Colonel Frost leads over 200 employees from the Defense Intelligence Agency (DIA), National Security Agency, and Department of Defense, to provide and produce intelligence required to direct, operate, and secure Department of Defense networks, systems, and data; deter or defeat strategic threats to U.S. interests and infrastructure; and support achievement of Joint Force Commanders objectives.
Before serving in her current role, Colonel Frost was the Director of Foreign Intelligence with the Headquarters of the Army Staff, G-2. She was responsible for daily briefings of the future strategic environment to the Secretary of the Army, Chief of Staff of the Army, Vice Chief of Staff of the Army, and the Army G2.
Colonel Frost’s commitment to national security includes three decades of public service. Her career in intelligence and cyber, includes operational tours of duty in the Balkans, multiple deployments to Afghanistan, and currently, her work at Fort Meade. Candice was instrumental in the integration of women into combat arms and served close to half of her career in infantry divisions. Colonel Frost is an adjunct professor at Georgetown University teaching masters students in the Security Studies Program. She has spoken and instructed at colleges and universities to include Harvard, MIT, Columbia, Universities of Arizona, Florida, and Illinois. She also briefed the National Intelligence Council and spoke at conferences like RSA and the Billington Summit about technology and national security.
A graduate of the United States Military Academy at West Point, Colonel Frost holds masters degrees from Central Michigan University and the United States Army School of Advance Military Studies. Her awards and decorations include the Bronze Star, Legion of Merit, and Combat Action Badge. She is also the recipient of the Billington Cybersecurity Workforce Development Award, Business Council for Peace Lifetime Mentorship Award, and the Lifetime Achievement Award in Muscatine, Iowa.
She is a member of the Executive Advisory Council for AFCEA DC. COL Frost is the past recipient of numerous fellowships, including Seminar XXI at the Massachusetts Institute of Technology, the Army War College Fellowship with the Central Intelligence Agency, and the Foundation for Defense of Democracies Fellowship. Colonel Frost pivots in 2023 from the United States Army after more than twenty-five years of service.
- Panel Discussion
- Naomi BuckwalterFounder & Executive Director, Cybersecurity Gatebreakers Foundation
Naomi Buckwalter, CISSP CISM, is the Director of Product Security for Contrast Security and author of the LinkedIn course: “Training today for tomorrow's solutions - Building the Next Generation of Cybersecurity Professionals”. She is also the founder and Executive Director of Cybersecurity Gatebreakers Foundation, a nonprofit dedicated to closing the demand gap in cybersecurity hiring. She has over 20 years' experience in IT and Security and has held roles in Software Engineering, Security Architecture, Security Engineering, and Security Executive Leadership. As a cybersecurity career adviser and mentor for people around the world, her passion is helping people, particularly women, get into cybersecurity. Naomi has two Masters degrees from Villanova University and a Bachelors of Engineering from Stevens Institute of Technology.
- Kathleen MoriartyCTO, Center for Internet Security
Kathleen Moriarty, Chief Technology Officer, Center for Internet Security, has over two decades of experience. Formerly as the Security Innovations Principal in Dell Technologies Office of the CTO, Kathleen worked on ecosystems, standards, and strategy. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honor of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018. Named in CyberSecurity Ventures, Top 100 Women Fighting Cybercrime. She is a 2020 Tropaia Award Winner, Outstanding Faculty, Georgetown SCS.
Kathleen achieved over 20 years of experience driving positive outcomes across Information Technology Leadership, IT Strategy and Vision, Information Security, Risk Management, Incident Handling, Project Management, Large Teams, Process Improvement, and Operations Management in multiple roles with MIT Lincoln Laboratory, Hudson Williams, FactSet Research Systems, and PSINet.
Kathleen holds a Master of Science Degree in Computer Science from Rensselaer Polytechnic Institute, as well as, a Bachelor of Science Degree in Mathematics from Siena College. Published work: "Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain," July 2020.
- Panel Discussion
- Bryan BechardCISO, Flagship Credit Acceptance
Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.
- Host: Chris GlandenFounder, BarCode
Chris Glanden is a veteran cybersecurity professional who is passionate about Security Systems, breakthroughs, vulnerabilities, and their mitigation and risk management.
- Pete Lindstrom, InstructorLeader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has an extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Jordan Fischer, InstructorCyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.
Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.
- Pete Lindstrom, InstructorLeader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has an extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Jordan Fischer, InstructorCyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.
Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.
- Mark Eggleston, CISSP, GSEC, CHPSCISO, CSC
Mark Eggleston is the chief information security officer (CISO) for CSC, responsible for the global security and privacy program design, operations and continual maturation. As a senior executive specializing in security and privacy program development and management, Mark’s unique background and expertise in information technology, program, and people management have positioned him as a thought leader and frequent industry speaker.
Mark started his career as a program manager and psychotherapist at a hospital serving children and adolescents. Later, Mr. Eggleston helped develop an internal compliance approach—complete with policies and tools—ensuring a geographically dispersed health care provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mr. Eggleston then transitioned to applying his HIPAA expertise at an HMO where he has implemented many successful security controls and technologies, including single sign-on (SSO), Identity and Access Management (IAM), Cloud Access security broker (CASB), and a vulnerability assessment program.
Mark received his Bachelor of Science in psychology from Radford University. Later, Mark received both his Master of social work and his post-baccalaureate certificate in management information systems from Virginia Commonwealth University. In addition, Mark holds CHPS, CHPS, and CISSP certifications.
- David LingenfelterVP, Information Security, Penn Entertainment
David Lingenfelter is the Vice President of Information Security at Penn Entertainment, responsible for ensuring the highest possible level of security for the rapidly changing risk landscape. David manages teams that oversee IT security and compliance for both the retail and digital aspects of the business. David believes that in order to implement a successful security program it’s important for everyone to understand the threats and risks that could adversely impact the business.
Prior to joining Penn Entertainment, David oversaw security for the MaaS360 mobile device management platform at IBM. During his tenure at IBM, David helped onboard and integrate the team supporting MaaS360 as part of the acquisition of Fiberlink Communications into IBM. Prior to the acquisition by IBM, David was the Information Security Officer at Fiberlink Communications working as part of the team that designed and built an early Software as a Service cloud model for its MaaS360 platform. David also led the charge for getting MaaS360 to be the first mobile device management platform certified for use by the federal government under the FedRAMP program.
As a member of the Cloud Security Alliance David was co-chair of the Mobile Working Group culminating in the publication of the “Security Guidance for Critical Areas of Mobile Computing”. David also gave input to early versions of the Cloud Control Matrix and other publications and is a former president of the Delaware Valley chapter of the Cloud Security Alliance. David’s career in IT security has always included a strong emphasis on awareness and understanding of the threats and risks associated with poor security. This passion for helping bring awareness to others and has lead David around the world giving presentations on multiple aspects of IT security and the overall impact on business and personal lives.
- Panel Discussion
- Tammy Klotz, ModeratorCISO, Covanta
Prior to Covanta, Tammy was responsible for the cybersecurity program at Versum Materials, which included Information Risk Management, Plant Cybersecurity, as well as IT Security, Risk & Compliance activities. She was with Versum since their start-up in October 2016 and was responsible for standing up all security services required for the new company as part of their spin-off from Air Products & Chemicals.
Prior to her role at Versum, Tammy worked at Air Products & Chemicals for 25 years in a variety of leadership roles. Highlights of her Air Products career include IT Communications, Service & Business Relationship Management, global leadership of multiple IT support teams and IT Audit Manager.
Tammy is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and is also Certified in Risk and Information Systems Control (CRISC). She is a Governing Body Member of the Philadelphia Chapter of Evanta, participates in Delaware Valley Cloud Security Alliance activities, and is involved with the Philadelphia Women & Cyber Security group. Tammy is also a 2019 Nominee for T.E.N Information Security Executive® of the Year.
- Panel Discussion
- Todd Bearman, ModeratorVP & CISO, Global Infrastructure and Security Solutions, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Panel Discussion
- Panel Discussion
- Chris GuarinoAssociate Director, Security Operations & Engineering, Spring Health
- Steve NaphyCIO, Morgan, Lewis & Bockius LLP
Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.
- Pete Lindstrom, InstructorLeader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has an extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Jordan Fischer, InstructorCyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.
Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Join your cybersecurity community for learning and professional growth. Register today!
