Wednesday, April 19, 2023
7:30 am Registration open
Registration Level: Open Sessions
7:30 am - 4:30 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am [PLUS Course] Cybersecurity and Cyber Risk Economics: Part 1
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Location / Room: Magnolia
It seems like every week there is a new cybersecurity incident making headlines. With so much negative attention, it is easy to see why some people–especially regulators–believe that cybersecurity is “failing,” but such a broad sentiment couldn’t be further from the truth. The truth is, neither the internet as a whole nor any of its connected entities will ever be 100% “secure.” While people realize this, the incidents and other failures loom large, even in the face of great silent successes. In reality, cybersecurity programs have complexities and nuances that matter, and our field must get better at communicating the concepts of complexity, risk, and economics.
This course is structured into four parts:
Session 1 – Cybersecurity Economics:
This session will provide a broad coverage of economic concepts and issues in managing a cybersecurity program. Key topics include: Concepts and Overview; Willingness to Accept/Willingness to Pay; Scarcity; Cognitive Biases; Perception of Risk; Benefit-Cost Analysis; Perverse Incentives; Unintended Consequences.
Session 2 – Cybersecurity Risks:
This session will cover key cybersecurity-related risk discussion that incorporates history, risk in external disciplines, mathematical concepts, and more. Key concepts covered will include: The Risk Equation (frequency, impact, threats, vulnerabilities); Risk Heuristics; Estimating Value and Loss; the Attacker’s Equation; Calibrating Risk Matrices; Key Risk Indicators; Cyber Risk Quantification.
Session 3 – Cybersecurity Controls:
This session will focus on the core disciplines of cybersecurity operations – identity management, vulnerability management, trust management, and threat management. It will highlight their goals and objectives, administrative processes, and technical solutions. Key concepts covered: Frameworks; RACI Matrices; Four Disciplines; Managing Resources – Time and Costs of People Process and Technologies. Examples: Benefit-Cost Analyses; Automation Justification; Return on Security Investment.
Session 4 – Cybersecurity Metrics and Measures:
This session will tie the sessions together by applying the economics, risk, financial, and technical elements together with a full program that begins with operational details and rolls them up into a full strategic cybersecurity plan suitable to discuss with executives and board of directors. Key concepts covered will include: Cybersecurity Efficacy; Receiver Operating Characteristic (ROC) Curves; Asset and Activity Classification; Top Ten Strategic Metrics; The One Metric to Rule Them All.
Our field is at a key point in its history. It is time to demonstrate cybersecurity leadership by creating programs that are diligent and not negligent; provide compliance with applicable regulations; and demonstrate the efficiency and effectiveness necessary to align with business objectives.
These sessions will be packed with examples, exercises, and anecdotes. Limited seating is available on a first-come, first-served basis. Sorry, no recording will be allowed.
7:30 am [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 1
An Overview of US and Global Privacy Laws
Founding Partner & Owner, Fischer Law, LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Location / Room: Maple
This SecureWorld PLUS course will focus on key privacy laws and concepts, and how to implement privacy into your organization. The main components that the course will cover include:
- Overview of US and Global Privacy Laws
- Building an Effective and Practical Privacy and Security compliance program
- Creating a process to respond to data subject rights
- Addressing key privacy concepts: data minimization, privacy by design, data protection impact assessments, responding to privacy breaches.
Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and information security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions that address legal requirements while also allowing a business to innovate and evolve. These changing privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.
Often, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. However, companies that are operationalizing privacy and information security within their organizations are able to address these evolving legal requirements while balancing growth and new opportunities. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate privacy and security within their operations so that the law can work hand-in-hand with the business, and not become a barrier for the business's growth and evolution.
The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.
Session 1 of the course will start with an overview of general privacy and security legal and policy principles, and then will focus on the key laws and regulatory decisions that are pushing the privacy and security legal landscape, including the European Union’s General Data Protection Regulation (“GDPR”), the Federal Trade Commission (“FTC”) rules and regulations, the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and the various U.S. state privacy laws. Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.
8:00 am Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:30 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 am ISSA Delaware Valley Chapter Meeting
Open to all attendees
President, ISSA Delaware Valley Chapter
Registration Level: Open Sessions
8:00 am - 8:50 am
Location / Room: Parkview Ballroom
Come join chapter members to network, learn about ISSA, and meet your local chapter board members.
8:00 am WiCyS Delaware Valley Affiliate Meeting
Open to all attendees
Board President, WiCyS Delaware Valley Affiliate
Registration Level: Open Sessions
8:00 am - 8:50 am
Location / Room: Laurel East
Come join chapter members to network, learn about WiCyS, and meet your local chapter board members.
8:00 am Advisory Council Roundtable Breakfast – (VIP / Invite only)
Remaining Resilient and Identifying the Next Transformation Facing Cybersecurity Professionals
VP, CISO, TE Connectivity
Registration Level: VIP / Exclusive
8:00 am - 8:50 am
Location / Room: Chop House
Join this invitation-only meeting for SecureWorld Philadelphia Advisory Council members to discuss:
- The next transformation that is going to “bite cybersecurity professionals in the @ss” and the shifts to take note of in the cybersecurity landscape
- What transformations are coming in the next 5-10 years that cybersecurity professionals, and business leaders in general, should be thinking about
- Resilience. How do we stress the importance of resilience when it comes to data centers?
- What keeps cybersecurity professionals like you up at night is what you can’t even imagine is coming next.
Come prepared to add to the discussion. The more voices, the better. At 1:15 p.m. on Day 2, moderator Todd Bearman will lead a discussion open to all attendees where he will share what your closed-door meeting discussed and invite robust Q&A from those in attendance.
9:00 am ChatGPT and Other AI Products: What Are the Implications for Cybersecurity?
President, WiCyS Delaware Valley Affiliate
Cybersecurity Specialist and Founder of The Valander Group
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
This session explores how AI-powered language models like ChatGPT are transforming the cybersecurity industry. Our presenters will discuss how these models can be used to identify and prevent cyber attacks by analyzing vast amounts of data and detecting patterns that human analysts might miss. They will also examine the potential ethical concerns and limitations of using AI in cybersecurity.
9:45 am Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am Incident Response: How to Triage Real and False Alarms
Former CISO, ActBlue Technical Services
Registration Level: Conference Pass
10:15 am - 11:00 am
Location / Room: Parkview Ballroom
One of the biggest challenges in incident response is triaging real and false cybersecurity alarms. Come ready to hear tips to help you triage cybersecurity alarms effectively, including:
- Establishing a baseline
- Using multiple detection methods
- Analyzing the source of the alarm
- Validating the alarm
- Prioritizing incidents
- Responding appropriately
- Learning from false alarms
10:15 am Debunking Common Myths About XDR
Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne
Registration Level: Open Sessions
10:15 am - 11:00 am
Location / Room: Laurel West
There has been a tremendous buzz across the cybersecurity community about the emerging technology known as XDR (eXtended Detection & Response). Unfortunately for the practitioner, there has yet to be a single definition widely accepted by both analysts and vendors purporting to be knowledgeable on the subject. What is XDR and why should I consider the technology in my enterprise security stack? What should I expect from vendors who claim to have built the perfect mousetrap? What is reality, and what is just hype? This session will walk through some generally accepted value statements associated with XDR, while attempting to debunk a few common myths that continue to muddy the water for security teams.
10:15 am Get Ready 'Cause Here It Comes: Preparing for the Looming PCI 4.0 Compliance Deadline
Director of Governance & Compliance, Risk Advisory Services, AccessIT Group
Registration Level: Open Sessions
10:15 am - 11:00 am
Location / Room: Laurel East
With the release of PCI 4.0, the clock has started ticking for companies and service providers that must be PCI compliant to transition to the new framework. With the compliance deadline less than two years off, now is the time to “get ready” and close the gaps for standards you’re not currently meeting.
Join this session to learn about:
- The key changes in the recent PCI 4.0 update and what your organization needs to do to prepare
- How to leverage compliance to help your organization become more secure.
11:10 am Small but Mighty: Building the Next Generation of Cybersecurity Professionals with Limited Resources
Founder & Executive Director, Cybersecurity Gatebreakers Foundation
Registration Level: Conference Pass
11:10 am - 11:55 am
Location / Room: Parkview Ballroom
There are simply not enough people in the field of information security. According to the U.S. Department of Commerce, there are over half a million unfilled cybersecurity jobs in the U.S. Around the world, that number swells to an estimated 3.5 million jobs unfilled.
Unfortunately, business leaders are constrained in their investment in the next generation of security professionals; security is, ultimately, a cost center. How then, with our limited budgets, time, and energy, can leaders build the next generation of cybersecurity professionals? After all, the cybersecurity professionals that we hire and train today will be the grizzled veterans that we need in the future.
This session tackles practical tips and industry-proven methods for finding, training, and benefiting from incredible junior-level cybersecurity professionals for your growing information security team.
11:10 am Covering Your Cyber Assets
Consultant, Cyber Risk Solutions Team, WTW
Registration Level: Conference Pass
11:10 am - 11:55 am
Location / Room: Laurel West
The cyber insurance market has gone through dramatic change over the past few years, with rapidly increasing rates and restricting coverages. Join a former CISO and cyber insurance underwriter to discuss the current market environment, where it may be going, and what you can do to improve your own coverages and pricing.
11:10 am [Panel] There's a Bad Moon on the Rise – Are You Ready?
Identifying the Current Threat Landscape
Principal Partner Sales Engineer, Contrast Security
Senior Field Sales Engineer, WithSecure
Partner Sales Manager, Expel
Regional Sales Engineer, CrowdStrike
VP, CISO, TE Connectivity
Registration Level: Open Sessions
11:10 am - 11:55 am
Location / Room: Laurel East
Like the main character in the 1981 horror movie, An American Werewolf in London, cybercriminals continue to morph into something evil, lurking in the night (and day) to cause harm to people, organizations, and governments. Cue the Creedence Clearwater Revival song, Bad Moon Rising.
The cybersecurity community is smart and more than capable of thwarting bad actors, fangs and all. They have tools, technologies, partnerships across private and public entities, and solution vendors to help them along the way. Don’t forget about the consultants working hard to stay ahead of those wanting to do harm, as well.
Hear our panelists’ views on the current threat landscape, solutions they have to offer, and ideas they have for turning a bad moon into a harvest moon.
12:00 pm [Lunch Keynote] Transforming Information Security for Businesses of All Sizes
CTO, Center for Internet Security
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
In order to combat cyber threats for organizations of all sizes and the supply chain, how information security is delivered and managed requires transformation. The burden of securing systems and networks has long been placed on the end organization, resulting in a distributed management requirement that does not scale. Requirements placed on the end organization exacerbate the burden, whereas “shift left,” setting requirements on the vendor, can alleviate it. Industry has a unique opportunity to aid a positive transformation to better scale security for solutions, with an aim towards improving the overall security posture and reducing the security professional deficit. Innovation to deploy security following scalable architectural patterns for security management is paramount.
12:00 pm Advisory Council Lunch Roundtable (VIP / Invite Only)
New State Privacy Laws Go Into Effect This Year – Are You Ready?
Founding Partner & Owner, Fischer Law, LLC
CEO & CISO, River Birch Data Security Consulting
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Location / Room: Chop House
Come ready to discuss the five new privacy laws going into effect in 2023 in California, Utah, Virginia, Connecticut, and Colorado. How are you preparing, and what do they mean for you as security professionals? We’ll even have an attorney in the room to answer questions. In addition, we’ll tackle the topic of the many security compliance standards customers are requiring of companies and cybersecurity professionals (ISO, NIST, HITRUST, etc.). We’ll discuss what strategies, automation, and/or tools are working best for us.
12:45 pm Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm [Panel] Pearls of Wisdom from Pioneering Females in Cybersecurity
Associate CISO, St. Luke's University Health Network
Founder & CEO, Cyber Job Central
Enterprise Cloud Security — Product Lead, UnitedHealth Group
President, WiCyS Delaware Valley Affiliate
Registration Level: Conference Pass
1:15 pm - 2:15 pm
Location / Room: Parkview Ballroom
Our panelists share how they’ve managed to carve out successful careers in cybersecurity, including sharing networking techniques and tips for women just breaking into cybersecurity and those looking to move up the career ladder.
1:15 pm [Panel] Hitting the Right Note with Your Network Security
Developing an Incident Response Plan
Lead Cybersecurity Consultant, vCISO, AccessIT Group
Global Security Strategist, Check Point Software Technologies
Regional Sales Director – Northeast & Mid-Atlantic, BlackBerry
FIS, Director, Information Security & Risk Officer
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Laurel East
A new attack vector (or two or eight) is identified daily, and who knows what is coming down the pike from those with nefarious intentions. How do cybersecurity professionals keep up and strike the right note in their symphony of defenses? Cybersecurity teams must have solid Incident Response (IR) plans in place to mitigate these attacks.
Our panel of experts reveals the instruments—tools, technologies, and systems—they have to offer so that cybersecurity band members are all playing the same tune on behalf of their organizations. They’ll identify current threats and solutions for each so public and private entities have an IR plan that balances defense and offense, creating a beautiful song.
2:15 pm Networking Break
Registration Level: Open Sessions
2:15 pm - 2:30 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:30 pm Taking a Proactive Approach to a Theoretical Incident
CISO, Flagship Credit Acceptance
Registration Level: Conference Pass
2:30 pm - 3:15 pm
Location / Room: Parkview Ballroom
Incidents don’t have to be major headline makers to significantly alter the security posture of an organization. This session walks through, theoretically, how an attacker might access a company’s system, what they will try to do while they are in it, and appropriate ways for the cybersecurity team and the business to react to the incident. The session answers, proactively, what the business could do differently to reduce potential impact and react faster.
2:30 pm BarCode Podcast Recording: CISOs Riff on the Latest in Cybersecurity
Founder, The BarCode Podcast
CISO, Penn Entertainment
Associate CISO, St. Luke's University Health Network
Director of Global Information Security Operations, Crown Holdings
Registration Level: Conference Pass
2:30 pm - 3:15 pm
Location / Room: Laurel East
Join this live recording of the BarCode podcast, a happy hour-style audio engagement that “sits at the intersection of cybersecurity and bar room banter.” Host and Founder Chris Glanden will interview SecureWorld Philadelphia speakers and guests throughout the session, and include Q&A from the audience, for a recording that will air the week following the conference.
2:30 pm Cloud Security Alliance Chapter Meeting
Underutilized Cloud Security Toolbox
Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Registration Level: Open Sessions
2:30 pm - 3:15 pm
Location / Room: Laurel West
Do you have too many security tools for cloud, some native, some purchased, some extended from the data center? Are these just for compliance checks, or are you able to get meaningful data and visibility to monitor, secure, and automatically remediate the issues? Are you grappling with native vs. COTS (Commercial Off The Shelf) security tools? This session will address those questions and provide clear guidance to monitor and secure the infrastructure and applications in the cloud.
3:15 pm Networking Break
Registration Level: Open Sessions
3:15 pm - 3:45 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:15 pm Happy Hour
Sponsored by BitLyft and Corelight
Registration Level: Open Sessions
3:15 pm - 5:00 pm
Location / Room: Exhibitor Floor
Join your peers for conversation and complimentary beer, wine, and soda. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.
Generously sponsored by BitLyft and Corelight. Please visit BitLyft in booth 125 and Corelight in booth 195 to receive a drink ticket.
3:45 pm Keeping Score: The Power of Delivering Security-Centric Dashboards to Business Leaders
Sr. Director, Information Security, Addepar
VP, Cyber Analytics, BlackRock
Registration Level: Open Sessions
3:45 pm - 4:30 pm
Location / Room: Keynote Theater
This presentation delivers a compelling argument for aggregating business-facing security metrics into department-specific dashboards. We discuss best practices for communicating these dashboards to ensure their use amongst business department leaders, driving further integration between security teams and business departments. Done properly, these dashboards increase connectivity between InfoSec teams and the business and allow department leaders to focus on their specific security priorities. The presentation also provides a technical framework for the creation of these dashboards with example metrics that practitioners can implement immediately.
3:45 pm [PLUS Course] Cybersecurity and Cyber Risk Economics: Part 2
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Location / Room: Magnolia
Session 2 – Cybersecurity Risks:
This session will cover key cybersecurity-related risk discussion that incorporates history, risk in external disciplines, mathematical concepts, and more. Key concepts covered will include: The Risk Equation (frequency, impact, threats, vulnerabilities); Risk Heuristics; Estimating Value and Loss; the Attacker’s Equation; Calibrating Risk Matrices; Key Risk Indicators; Cyber Risk Quantification.
3:45 pm [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 2
Building an Effective and Practical Data Privacy and Information Security Program
Founding Partner & Owner, Fischer Law, LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Location / Room: Maple
Session 2 will focus on the key components of an effective and practical data privacy and information security compliance program. This session will include an overview of key compliance documentation, including policies, procedures, and supporting documentation. We will discuss how to build a program that addresses the regulatory and legal requirements, while also balancing your business’ unique infrastructure and organization.
Thursday, April 20, 2023
7:30 am Registration open
Registration Level: Open Sessions
7:30 am - 4:30 pm
Location / Room: Registration Desk / Lobby
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am [PLUS Course] Cybersecurity and Cyber Risk Economics: Part 3
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Location / Room: Magnolia
Session 3 – Cybersecurity Controls:
This session will focus on the core disciplines of cybersecurity operations – identity management, vulnerability management, trust management, and threat management. It will highlight their goals and objectives, administrative processes, and technical solutions. Key concepts covered: Frameworks; RACI Matrices; Four Disciplines; Managing Resources – Time and Costs of People Process and Technologies. Examples: Benefit-Cost Analyses; Automation Justification; Return on Security Investment.
7:30 am [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 3
Operationalizing Your Data Privacy and Information Security Program
Founding Partner & Owner, Fischer Law, LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Location / Room: Maple
In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.
8:00 am Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:30 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 am Special Presentation by the FBI
In cooperation with Philadelphia InfraGard
Special Agent, FBI
Registration Level: Open Sessions
8:00 am - 8:50 am
Location / Room: Parkview Ballroom
FBI Special Agent Cerena Coughlin provides updates to InfraGard members and guests.
8:00 am Advisory Council Roundtable Breakfast – (VIP / Invite only)
Keeping Up With the Joneses (Standards)
Owner, Carmel Consulting LLC
Registration Level: VIP / Exclusive
8:00 am - 8:50 am
Location / Room: Chop House
In this invite-only session for Advisory Council members, we cover the latest updates to cybersecurity standards, including those from the National Institute of Standards and Technology (NIST) and the Cybersecurity Maturity Model Certification (CMMC). We discuss how these standards have evolved over time and the key changes that have been made to them.
We explore NIST’s cybersecurity framework, which provides a comprehensive set of guidelines, standards, and best practices for managing cybersecurity risks. We discuss the latest versions of the framework, including updates to help organizations better understand and manage cybersecurity risks.
We also dive into the CMMC, a set of cybersecurity standards developed by the U.S. Department of Defense (DoD) to protect sensitive government data. We discuss the different levels of certification and what they mean for organizations seeking to do business with the DoD.
9:00 am [Opening Keynote] Managing Through Transition: Maximizing the Value of People, Process, and Technologies
CISO, CSC
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
Transition occurs almost constantly within an organization, perhaps more so in cybersecurity. Add in an acquisition, and the urgency to get people, systems and technologies aligned ramps up considerably. This session explores transition through the CISO lens, including performing a technology analysis and working through a checklist for examining vendor relations and enhancements. This allows the cybersecurity team to know the value of products and services they purchase and use (and what determines renewal or termination of a contract/vendor relationship).
9:45 am Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am Understaffed and Under Pressure
CISO, Penn Entertainment
Registration Level: Open Sessions
10:15 am - 11:00 am
Location / Room: Parkview Ballroom
Staffing challenges continue to be a pain point for CISOs as they work to build – and keep – teams while staying on top of an ever-growing threat landscape.
The digital world continues to change and grow, companies continue to become more agile, and the speed of delivery continues to increase. Those are just the tip of the iceberg for security leaders when it comes to building and keeping security teams. Let's talk about those challenges and more as we walk through the different options we have as security leaders to build the best team possible.
10:15 am Post-Breach: CISOs, not Just Companies, at Risk
Co-Founder & Managing Partner, XPAN Law Partners
Registration Level: Open Sessions
10:15 am - 11:00 am
Location / Room: Laurel East
There are few things that people can count on in this world, but lawsuits following data breaches have now become a stalwart post-breach. Previously, it was just the company that received (multiple) lawsuits alleging “damages” suffered by data subjects after the data breach. But in the past few years we have also seen the emergence of a new type of lawsuit, one where members of the C-Suite are also being named, personally.
A group of investors sued SolarWinds following its supply chain cyberattack and named the CISO in the lawsuit. They accused him, and the company, of embracing “intentional or severely reckless deceit on investors” because of alleged claims about the company’s cybersecurity. This session is an interactive discussion that explores the various types of risks posed to companies as a result of these lawsuits. It delves into the insurance implications and experiences related to insurance limits. The session also covers the various new laws and regulations that can impact liability of the company, its C-Suite, and board.
10:15 am Point of Scary: The POS Ecosystem
Director of Cloud Security, Financial Services
Registration Level: Conference Pass
10:15 am - 11:00 am
Location / Room: Laurel West
We all use point-of-sale (POS) systems on a regular basis and never give much thought to the technology powering these devices. What OS do these devices use? What kind of networking capabilities do they have? When was the last time the OS was patched? What countries do these devices beacon out to? Does the PCI logo emblazoned on the website actually mean anything? Join us as we delve into several different kinds of systems and discover the convergence of hardware, software, APIs, and an ecosystem built on scary.
11:10 am New State Privacy Laws Go Into Effect This Year – Are You Ready?
CEO & Founder, Fischer Law, LLC
Registration Level: Conference Pass
11:10 am - 11:55 am
Location / Room: Laurel West
Learn about the five new privacy laws going into effect in 2023 in California, Utah, Virginia, Connecticut, and Colorado. This session provides helpful tips and info, including:
- How to prepare.
- What the new laws mean for you as security professionals.
- Information about the many security compliance standards customers are requiring of companies and cybersecurity professionals (ISO, NIST, HITRUST, etc.).
- What strategies, automation, and/or tools are working to help cybersecurity professionals stay ahead of the laws.
Come with your questions and feel free to share your input.
11:10 am Protecting Against OT and IoT Threats
SVP, IT, Caesars Entertainment
Registration Level: Conference Pass
11:10 am - 11:55 am
Location / Room: Parkview Ballroom
There are several steps you can take to protect against cybersecurity threats in OT (Operational Technology) and IoT (Internet of Things) environments. This session explores these steps, including:
- Developing a comprehensive cybersecurity strategy
- Segmenting your networks
- Implementing strong access controls
- Using encryption
- Keeping your systems up to date
- Monitoring your systems
- Conducting regular training and awareness
But are IoT security solutions too expensive, or too complicated, to even implement? Come ready to learn and share your thoughts in this interactive session.
11:10 am
[Panel] Lucy in the Cloud with Diamonds
Securing Your Cloud Environment
Solution Engineer, Okta
Sales Engineer, Identity and Access Management, Thales
Sr. Sales Engineer, Orca Security
Sr. Manager, Information Security, Affiliated Distributors
Registration Level: Open Sessions
11:10 am - 11:55 am
Location / Room: Laurel East
Can you “imagine” if The Beatles, when first starting out, had to deal with having their catalog of music hacked, stolen, and held for ransom simply because it was in an unsecure cloud setting? While it is possible for that to happen with their hit-laden collection of songs today, it’s merely a tiny example of how businesses operate at a minimum in a hybrid cloud environment—many in a cloud-only platform.
With that comes security issues and another major area which cybersecurity professionals must work diligently to protect.
Our panel of experts share the good, the bad, and the ugly of operating in a cloud environment, what it takes to make the move to hybrid or multi-cloud successful, how to protect data from insider and outsider threats, and what it takes to provide the support DevOps teams need.
12:00 pm
[Lunch Keynote] Achieving Operational Resilience Through Sustainable Cybersecurity
Deputy Regional Director, Region 3, Cybersecurity and Infrastructure Security Agency
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
Despite a global focus on cybersecurity, our critical infrastructure faces an ever-growing and evolving threat environment from both criminal and state actors and is a persistent security challenge. Additionally, our critical infrastructure—which has historically been controlled by manual, physical mechanisms and processes using stand-alone technologies—is increasingly becoming interconnected. The convergence of physical and digital systems increases productivity and cost efficiencies, but it also increases risk of operational and cascading impacts when disruptions occur. Specifically, our critical infrastructure is vulnerable to cyber threats with physical consequences, as well as physical threats with cyber-related consequences. Understanding how to address this cyber-physical convergence while encouraging the adoption of secure-by-design and secure-by-default concepts is vital for building operational resilience and an effective defense against threats of today, as well as those of tomorrow.
While projects like Shields Up—which enabled CISA to provide urgent guidance in the wake of Russia’s attack on Ukraine—effectively helped organizations adopt a heightened posture, the fact is that our shields will likely be up for the foreseeable future. Maintaining the nation’s cybersecurity posture in the long-term will require governments and industries to continue to work alongside one another and adjust protection efforts when necessary. To that end, CISA is building an understanding of the cyber-physical convergence into the way we operate and working towards operational resilience with what CISA Director Jen Easterly calls a “posture of persistent collaboration” between the public and private sectors as part of growing a culture of sustainable cybersecurity.
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
AI and Machine Learning: Is It Hype or Help?
VP, Information Security, Genesis HealthCare
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Location / Room: Chop House
Now that AI and machine learning have been introduced into security technology, are they worth the hype, or are they helpful tools for cybersecurity professionals? Come ready to join this invite-only gathering of SecureWorld Philadelphia Advisory Council members for an open exchange about the good, the bad and the ugly of artificial intelligence in our profession.
12:45 pm
Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm
Remaining Resilient and Identifying the Next Transformation Facing Cybersecurity Professionals
VP, CISO, TE Connectivity
Deputy CISO / Sr. Director, Governance, Risk & Compliance, TE Connectivity
Registration Level: Conference Pass
1:15 pm - 2:15 pm
Location / Room: Parkview Ballroom
On Day 1 of the conference, SecureWorld Philadelphia Advisory Council members gathered to discuss:
- The next transformation that is going to “bite cybersecurity professionals in the @ss” and the shifts to take note of in the cybersecurity landscape
- What transformations are coming in the next 5-10 years that cybersecurity professionals, and business leaders in general, should be thinking about
- Resilience. How do we stress the importance of resilience when it comes to data centers?
- What keeps cybersecurity professionals like you up at night is what you can’t even imagine is coming next.
Todd Bearman and Brandi Burton will share the insights from the closed-door session and open up the discussion to conference attendees to share their views.
1:15 pm
I Can See Clearly Now, the Threats Are Gone
Threat Intelligence: The State of InfoSec Today
CIO, Mandelbaum Barrett PC
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Laurel East
Zero Trust is considered by many to be a marketing buzzword, but what it really alludes to is having good, basic cybersecurity hygiene. It’s what any cybersecurity professional worth their salt has been doing, and does, daily. Ransomware, phishing, and BEC grab the headlines, but your run-of-the-mill cyberattacks can’t be ignored because of the shiny new thing garnering all the attention.
The CISO is like a musical conductor that must pay attention to all the resources at his or her disposal—be it people, tools, technologies, systems, and more. How is the organization handling security awareness training? What about staffing shortages affecting the organization, or even the vendors with which CISOs and their teams work?
Join this session to hear insights and takeaways on the state of the information security profession today, including tips for seeing clearly and staying ahead of threats.
2:15 pm
Networking Break
Registration Level: Open Sessions
2:15 pm - 2:30 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:30 pm
Security Awareness: Engaging People and Tracking the Right Metrics
DevSecOps Lead, Vanguard
Registration Level: Conference Pass
2:30 pm - 3:15 pm
Location / Room: Parkview Ballroom
Security awareness is a critical component of any organization’s security posture. It refers to the process of educating employees and other stakeholders about potential security threats and how to prevent them. Engaging people in security awareness and tracking the right metrics are two essential aspects of building a robust security awareness program.
Come ready to hear tips for engaging people in security awareness, including making it relevant, interactive, frequent, and mandatory. When it comes to tracking the right metrics for security awareness, learn how to measure participation rates, comprehension, behavior change, and incident rates.
2:30 pm
Cloud Security Risks: Is My Cloud Environment Leaking Data?
Director, Information Security, CubeSmart
Registration Level: Open Sessions
2:30 pm - 3:15 pm
Location / Room: Laurel East
There has never been a silver bullet to cloud security, and securing the cloud continues to become more and more complex over time. This session provides a general managerial overview of each of the areas of cloud security risk, how to protect your environment, and how to keep your information and resources safe and secure.
2:30 pm
ISACA Philadelphia Chapter Meeting
Open to all attendees
Business Information Security Lead (BISO), Blackbaud
Registration Level: Open Sessions
2:30 pm - 3:15 pm
Location / Room: Laurel West
Come join chapter members to network, learn about ISACA, and meet your local chapter board members.
3:15 pm
Networking Break and Dash for Prizes
Registration Level: Open Sessions
3:15 pm - 3:45 pm
Location / Room: Exhibitor Hall
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pm
[Fireside Chat] Transitioning from CISO to CIO: What Changes?
CIO, Morgan, Lewis & Bockius LLP
Board President, WiCyS Delaware Valley Affiliate
Registration Level: Open Sessions
3:45 pm - 4:30 pm
Location / Room: Keynote Theater
A talk with Steve Naphy, CIO of Morgan Lewis, about his move from head of InfoSec to Chief Information Officer.
3:45 pm
[PLUS Course] Cybersecurity and Cyber Risk Economics: Part 4
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Location / Room: Magnolia
Session 4 – Cybersecurity Metrics and Measures:
This session will tie the sessions together by applying the economics, risk, financial, and technical elements together with a full program that begins with operational details and rolls them up into a full strategic cybersecurity plan suitable to discuss with executives and board of directors. Key concepts covered will include: Cybersecurity Efficacy; Receiver Operating Characteristic (ROC) Curves; Asset and Activity Classification; Top Ten Strategic Metrics; The One Metric to Rule Them All.
3:45 pm
[PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 4
Operationalizing Your Data Privacy and Information Security Program
Founding Partner & Owner, Fischer Law, LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Location / Room: Maple
In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.
- Abnormal Security (Booth: 330)
Abnormal is the most precise human behavior security engine for blocking all email attacks, including phishing, malware, ransomware, social engineering, executive impersonation, supply chain compromise, internal account compromise, spam, and graymail.
Secure email gateways and built-in Microsoft and Google security struggle to block email attacks that pass reputation checks, have no URLs or attachments, and appear to come from trusted sources. Only Abnormal uses behavioral AI to profile known good behavior and analyzes over 45,000 signals to detect anomalies that deviate from these baselines, delivering maximum protection for global enterprises.
- AccessIT Group (Booth: 220)
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Atlantic Data Security (Booth: 200)
Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.
- Axonius (Booth: 212)
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- BitLyft Security (Booth: 125)
We help keep your organization safe by illuminating and eliminating cyber threats before they have time to harm you or your customers. We do this by providing a platform that merges the best of people and software for unparalleled protection for your organization. Overcome your cybersecurity challenges of finding talent and technology to protect your organization with BitLyft today.
- BlackBerry Cybersecurity (Booth: 220)
BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.
- Check Point Software Technologies (Booth: 220)
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cloud Security Alliance Delaware Valley Chapter (CSA-DV) (Booth: Exhibitor Hall Foyer)
Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.
OUR PURPOSE: To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.
- Cloud Security Alliance Lehigh Valley Chapter (Booth: Exhibitor Hall Foyer)
- Cloudflare (Booth: 145)
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications, and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations—from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest internet trends and insights at radar.cloudflare.com.
- Contrast Security (Booth: 220)
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
- Corelight (Booth: 195)
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- CREST (Booth: 120)
CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.
- Critical Start (Booth: 360)
Critical Start Managed Cyber Risk Reduction solutions deliver continuous security cyber risk monitoring and mitigation enabling strong protection against threats. Combined with a team of expert risk mitigators, our platform provides maturity assessments, posture and event analytics, response capabilities, comprehensive threat intelligence, and security workload management capabilities. We help you achieve the highest level of cyber risk reduction for every dollar invested, leading to increased confidence in reaching your desired level of security posture.
- CrowdStrike (Booth: 235)
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- Darktrace (Booth: 115)
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 3 (Booth: n/a)
CISA Region 3, headquartered in Philadelphia, provides cybersecurity and infrastructure security services to seven Tribal Nations and the following states/district: State of Delaware, District of Columbia, State of Maryland, Commonwealth of Pennsylvania, Commonwealth of Virginia, and State of West Virginia.
Regional Director William J. Ryan leads a cadre of security professionals located throughout the region. Through our efforts to understand and advise on cyber and physical risks to the nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, communications, and physical security and resilience, in turn strengthening national resilience.
- Envision Technology Advisors (Booth: 102)
Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.
- Exabeam (Booth: 220)
Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.
- Expel (Booth: 220)
Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.
- Gigamon (Booth: 220)
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- ISC2 (Booth: Exhibitor Hall Foyer)
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- ISACA Philadelphia (Booth: Exhibitor Hall Foyer)
The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.
- ISSA Delaware Valley (Booth: Exhibitor Hall Foyer)
Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”
- Lacework (Booth: 335)
Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.
- Noname Security (Booth: 200)
Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope across three pillars: Posture Management, Runtime Security, and API Security Testing. Noname Security is backed by leading venture capital firms, including Lightspeed, Georgian, The Syndicate Group (TSG), Forgepoint, Next47, Insight Partners, and Cyberstarts, and has raised $220M, achieving “unicorn” status only one year out of stealth.
- Orca Security (Booth: 220)
We’re on a mission to make it fast, easy, and cost effective for organizations to address the critical security issues in their AWS, Azure, and GCP estates so that they can operate in the cloud with confidence.
- Okta (Booth: 345)
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- Optiv (Booth: 135)
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- Philadelphia InfraGard Members Alliance (Booth: Exhibitor Hall Foyer)
InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.
- Recorded Future (Booth: 275)
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- ReliaQuest (Booth: 165)
ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, any time of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.
- Rubrik (Booth: 130)
Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.
- Sayers (Booth: 210)
At Sayers, we have more than 30 years of experience in providing personalized IT services and solutions. We bring an in-depth knowledge of the most innovative technologies which allows us to diagnose your problems, create a personalized plan, and implement the exact solutions to help your business overcome its most difficult IT challenges. Sayers’ mission is to help clients solve their business challenges with innovative IT solutions. Our success is founded on building strong relationships with our clients and going above and beyond to help those clients succeed.
- SecurEnds, Inc (Booth: 240)
SecurEnds provides companies with a tool to automate user access reviews (UAR) across cloud and on-prem applications to meet SOX, ISO27001, PCI, HIPAA, HITRUST, FFEIC, GDPR, and CCPA audit requirements. Utilizing fuzzy logic to pull data from systems of record (SOR), complementary identity governance and administration (IGA) solutions, and SaaS-based, custom, and legacy downstream applications, SecurEnds provides a complete, end-to-end process for UAR, then automates it out of the box.
- SentinelOne (Booth: 340)
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- Synopsys (Booth: 140)
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- Sysdig (Booth: 155)
The Sysdig Secure DevOps Platform provides security to confidently run containers, Kubernetes and cloud services. Only Sysdig has the deep visibility needed to see all threats, vulnerabilities and suspicious activity. With Sysdig you can secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.
Sysdig is a SaaS platform, built on an open source stack that includes Falco and sysdig OSS, the open standards for runtime threat detection and response. Hundreds of organizations rely on Sysdig to secure containers, Kubernetes and cloud services.
- TechTarget (Booth: n/a)
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Thales (Booth: 220)
As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.
- The Teneo Group (Booth: 245)
The Teneo Group’s sole focus is IT security engineering. Without that critical security perspective, any project, big or small, can expose an organization to more risk at best and to catastrophe at worst.
Teneo is uniquely qualified to support all areas of the information technology life cycle. We have the technical engineering skills needed to successfully complete the projects at hand and we always consider security first.
Teneo also designs and maintains systems of several large government and private organizations. Teneo is a certified partner with many security vendors including Check Point, RSA, Blue Coat, Solarwinds, Guidance Software, and Solutionary.
- ThreatLocker (Booth: 265)
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- WithSecure (Booth: 375)
WithSecure™ (formerly F-Secure Business) is cybersecurity’s reliable partner. IT service providers, MSSPs and businesses—along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers—trust us for outcome-based cybersecurity that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. WithSecure™ is part of F-Secure Corporation, founded in 1988, and listed on NASDAQ OMX Helsinki Ltd.
- WiCyS Delaware Valley (Booth: Exhibitor Hall Foyer)
Women make up only 11% of the cyber security workforce. With such low representation, it is essential that we advocate for and assist women as they navigate through the cyber security industry.
Philadelphia Women & Cyber Security’s Mission: To provide opportunities to advance careers for professionals in Cyber Security through education, mentoring, and networking. A supportive community for women in cyber security that works to promote and encourage women to develop their careers. We are open to any support for our mission from any gender. Come to the next Philadelphia Women and Cyber Security’s event to get to know other like-minded, female cyber security professionals in the area. We will discuss industry best practices, the latest security trends and solutions, and share lessons we’ve learned over the years. For more information, contact wicysdelawarevalley@wicys.org.
- Wiz (Booth: 230)
We’re on a mission to help organizations effectively reduce risks in their Cloud environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don’t waste time.
Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and DevOps teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches. For more information, visit www.wiz.io.
- ZeroFox (Booth: 150)
Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.
Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.
- Pete Lindstrom, Instructor: Leader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Jordan Fischer, Instructor: Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Scott Laliberte, Moderator: President, ISSA Delaware Valley Chapter
Scott Laliberte, President of ISSA Delaware Valley Chapter for over 10 years, has grown the chapter significantly by creating a collaborative community for Cyber Security professionals to share their knowledge and experience and satisfy their CPE needs. Scott also leads Protiviti’s Emerging Technology practice where he enables clients to leverage emerging technologies to solve complex business problems and manage risk. His team specializes in many technology areas including Artificial Intelligence (AI) and Machine Learning, Internet of Things (IoT), Cloud, Blockchain, and Quantum Computing. In previous roles, Scott was the Global leader of Protiviti’s Cyber Security Practice.
- Nancy Hunter, Moderator: Board President, WiCyS Delaware Valley Affiliate
Nancy Hunter is the VP, CISO and Data Privacy Security Officer at the Federal Reserve Bank of Philadelphia. With more than 25 years of experience in technology including 15 years in Information Security, Nancy joined the Federal Reserve Bank in 2017 where she is accountable for Information Security Operations and Consulting, Information Risk Management, Records Management, and guides the implementation of the Bank’s data and system privacy program and serves as Bank representative in System data privacy policy setting. Nancy is certified in Risk and Information Systems Controls (CRISC) and holds a B.A. in Mathematics from Temple University.
- Todd Bearman, Moderator: VP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years. Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Donna Ross: President, WiCyS Delaware Valley Affiliate
Dynamic leader and board member demonstrating over 20 years of diverse risk, compliance, information security, technology, and operations experience within the manufacturing, insurance, banking, financial services, and retail sector. Adept in developing and implementing strategic technology and risk solutions, performing research and analysis to keep employer advised regarding emerging technologies and management of risk. Security and DEI evangelist.
- Eric Robuck: Cybersecurity Specialist and Founder of The Valander Group
Eric Robuck is a seasoned cybersecurity expert with over two decades of experience in the industry. As the owner and founder of The Valander Group, he leads a team of top-notch business experts dedicated to providing comprehensive cybersecurity solutions for business owners.
Eric's extensive military background as a Warrant Officer focused on information technology and security has equipped him with the necessary skills and knowledge to handle complex cybersecurity challenges. He has a deep understanding of programming, database design, electronic information transfer, and project management, which allows him to develop and implement effective cybersecurity strategies for his clients.
Eric holds multiple professional certifications, including the CISSP, CEH, Security+, and AWS Practitioner. He has done master's work in Cybersecurity and leadership in Cyber Security to further enhance his knowledge and skills. Eric's expertise in cybersecurity makes him an invaluable asset to businesses looking to protect themselves from cyber threats.
When he's not working, Eric enjoys spending time with his family and staying active on the golf course. With his impressive track record and diverse skillset, Eric is a force to be reckoned with in the world of cybersecurity, and his clients trust him to keep their businesses safe from cyber-attacks.
- Michael Leland: Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne
Michael joined SentinelOne in May 2020 as Head of Technical Marketing where he brings over 25 years of security domain expertise. He is responsible for messaging and strategic development of the XDR product roadmap. Prior to SentinelOne, he held the title of Chief Technical Strategist for McAfee. Michael served formerly as the CTO at NitroSecurity where he was responsible for developing and implementing NitroSecurity's overall SIEM technology vision and roadmap. Michael has held senior technical management positions at Eziaz, Cabletron and Avaya. At Avaya, a global telecommunications equipment and services vendor, he served as CTO where he led the company in its strategic efforts for converged data/voice development initiatives.
- Chad Barr: Director of Governance & Compliance, Risk Advisory Services, AccessIT Group
Chad Barr is a seasoned leader in the field of information security, currently serving as the Director of Governance, Risk and Compliance (GRC) within the Risk Advisory Service practice at AccessIT Group (AITG). With a proven track record of success, Chad brings a wealth of experience to AccessIT Group.
As a visionary leader in the realm of cybersecurity, Chad has honed his skills across multiple disciplines, including security engineering, project management, risk management, and compliance. His extensive background underscores his ability to guide organizations toward robust and resilient security postures.
- Naomi Buckwalter: Founder & Executive Director, Cybersecurity Gatebreakers Foundation
Naomi Buckwalter, CISSP CISM, is the Director of Product Security for Contrast Security and author of the LinkedIn course: “Training today for tomorrow's solutions - Building the Next Generation of Cybersecurity Professionals”. She is also the founder and Executive Director of Cybersecurity Gatebreakers Foundation, a nonprofit dedicated to closing the demand gap in cybersecurity hiring. She has over 20 years' experience in IT and Security and has held roles in Software Engineering, Security Architecture, Security Engineering, and Security Executive Leadership. As a cybersecurity career adviser and mentor for people around the world, her passion is helping people, particularly women, get into cybersecurity. Naomi has two master's degrees from Villanova University and a Bachelor of Engineering from Stevens Institute of Technology.
- Sean Scranton: Consultant, Cyber Risk Solutions Team, WTW
Cyber Liability National Practice Leader (current). IT Security / IT Auditor at RLI for eight years. Network / security consulting / auditor for financial institutions, government for nine years. Network / firewall administrator in healthcare for seven years. Designations: CPCU, RPLU+, CISSP, CISM, CISA, CRISC, CSXF, MBA.
- Jennifer Galvin: Principal Partner Sales Engineer, Contrast Security
Jennifer Galvin is a Principal Channel Sales Engineer at Contrast Security, where she provides technical leadership supporting Contrast Channel Partners to help secure their customers' applications from the inside out. She has helped architect and build many critical application services you may use today. If you've viewed NASDAQ's video wall in Times Square, applied for a minority or women-owned business license in New York, registered for Medicare or Medicaid, registered a drone with the FAA or used Disney FastPass, you are using an application she helped to create. She serves as an expert in the field of Presales Strategy and DevOps and holds a Master of Science Degree in Computer Science from Johns Hopkins University. Jennifer Galvin is local to Washington, DC and is a proud member of Cloudgirls.
- Raj Patel: Senior Field Sales Engineer, WithSecure
Raj Patel is a Senior Field Sales Engineer with Finland-based cybersecurity firm, WithSecure. His 20 years of experience leading IT projects has focused on analyzing business requirements and customer goals to deliver enterprise solutions with a focus on cloud and cybersecurity technologies.
- Stu Saffer: Partner Sales Manager, Expel
After spending the first half of his career in fintech, Stu moved into cyber security as a Strategic Global Account Manager with RSA in 2012. Since joining Expel in 2019, Stu has spent time in a variety of roles with clients and partners of all sizes. He currently manages the partner ecosystem in the Northeast.
- Robert Young: Regional Sales Engineer, CrowdStrike
Robert Young is a Regional Sales Engineer for CrowdStrike in the northeast U.S. territory, with an extensive background in security and IT operations. Over his career, Robert has worked both in the private and public sectors, as the customer and in sales, giving him a deep understanding of the people, processes, and technologies involved in stopping breaches.
- Kathleen Moriarty: CTO, Center for Internet Security
Kathleen Moriarty, Chief Technology Officer, Center for Internet Security, has over two decades of experience. Formerly, as the Security Innovations Principal in Dell Technologies Office of the CTO, Kathleen worked on ecosystems, standards, and strategy. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honor of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018. She was named in CyberSecurity Ventures, Top 100 Women Fighting Cybercrime. She is a 2020 Tropaia Award Winner, Outstanding Faculty, Georgetown SCS.
Kathleen achieved over 20 years of experience driving positive outcomes across Information Technology Leadership, IT Strategy and Vision, Information Security, Risk Management, Incident Handling, Project Management, Large Teams, Process Improvement, and Operations Management in multiple roles with MIT Lincoln Laboratory, Hudson Williams, FactSet Research Systems, and PSINet.
Kathleen holds a Master of Science Degree in Computer Science from Rensselaer Polytechnic Institute, as well as a Bachelor of Science Degree in Mathematics from Siena College. Published work: "Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain," July 2020.
- Jordan Fischer, Special Guest: Founding Partner & Owner, Fischer Law, LLC
- Cindy Allen, Moderator: CEO & CISO, River Birch Data Security Consulting
Cindy Allen has over 30 years of experience in technology and security and has served as CISO, Privacy Officer, and HIPAA Security Officer for a global organization of roughly 5,000 employees in 8 countries. Prior to this role she was CIO for a Philadelphia-based professional services firm. She holds both CISSP and ITIL Expert certifications as well as a master’s degree in information science.
Since retiring from full-time employment, Cindy has moved into semi-retirement, focusing on her passion, privacy, and IT compliance. She also aspires to author a book on building effective privacy programs.
- Krista Arndt: Associate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Vijaya Rao: Enterprise Cloud Security Product Lead, UnitedHealth Group
Vijaya Rao is a senior executive with over 25 years of experience in the Engineering and Cybersecurity space. She has worked for different Fortune 100 companies such as CenturyLink, AOL, JP Morgan Chase, and Google. She also founded the last-mile, technology-enabled platform called DeliveryCircle, raised multiple rounds of funding and currently serves as the Chairman of the board. In her current role as the Product Leader at UnitedHealth Group, she leads Enterprise Cloud Security. Vijaya is also a Certified CISO.
Vijaya is an expert at synergizing teams, by setting the vision for excellence and building out team alignment, while ensuring that members have the information, support, and tools necessary for success. She has steered technology organizations of over 200 people, maintaining team cohesion amid significant change while boosting performance and fostering a team culture of collaboration, innovation, and shared success. Vijaya’s core belief is that innovative technology-based solutions should be at the core of every business model. This helps companies achieve a strong ROI and leads to sustainable growth.
Vijaya loves travelling and volunteering time mentoring young girls into STEM programs. She currently also serves as an advisor for technology start-ups at the University of Delaware (Horn Entrepreneurship program).
- Donna Ross, Moderator: President, WiCyS Delaware Valley Affiliate
Dynamic leader and board member demonstrating over 20 years of diverse risk, compliance, information security, technology, and operations experience within the manufacturing, insurance, banking, financial services, and retail sector. Adept in developing and implementing strategic technology and risk solutions, performing research and analysis to keep employer advised regarding emerging technologies and management of risk. Security and DEI evangelist.
- Brett Price, CISSP, CISM
Lead Cybersecurity Consultant, vCISO, AccessIT Group
Brett Price is a Senior Cybersecurity Consultant for the Risk Advisory Services practice at AccessIT Group (AITG). Brett is a knowledgeable cybersecurity consultant with over twenty years of experience and an extensive background in security consulting, network engineering/administration and cybersecurity best practices. Brett’s skills range from analyzing network packet behavior to securing enterprise critical infrastructure with expertise in assessing and consulting on risk management frameworks and standards such as NIST 800-53, NIST CSF, CIS and ISO/IEC 2700X. Brett has experience working with enterprise and mid-market customers across various industry sectors such as healthcare, banking, industrial, retail, pharmaceutical and insurance.
- Eddie Doyle
Global Security Strategist, Check Point Software Technologies
Eddie Doyle works with enterprise organizations, university think tanks and corporate leaders to articulate the complex subject of cyber security in an engaging manner, championing his customer’s initiatives to fruition and finding the holy grail of cyber security… making cyber a profit center for the business.
LinkedIn recognizes Eddie’s forté as a keynote speaker and livestreamer of cyber security strategy for the everyday user of technology. Leading Board discussions and attack/defense simulation, Eddie proudly works with executives on disaster recovery planning and holds a global revenue responsibility for a Fortune 500 company.
- Eric Storm
Regional Sales Director – Northeast & Mid-Atlantic, BlackBerry
Eric Storm is the Regional Sales Director for the North East & Mid-Atlantic territories at BlackBerry. He has been a sales leader with BlackBerry for over two years, and his passion has only grown over that time for Cyber Security and the solutions we provide. He has worked in AI and Technology over the last 10+ years at companies such as Citrix and SunGard/FIS, as well as some smaller start-ups. He has led Enterprise Sales, Inside Sales, Business Development, and Marketing for these firms.
Eric holds a degree from Bucknell University and currently resides in Northern New Jersey, where he was born and raised, with his wife, son, and daughter. Go Giants!
- Dan Herrmann, Moderator
FIS, Director, Information Security & Risk Officer
- Bryan Bechard
CISO, Flagship Credit Acceptance
Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.
- Chris Glanden, Host
Founder, The BarCode Podcast
Chris Glanden is an experienced cybersecurity strategist and the Founder & CEO of BarCode Security, a full-service consulting firm he launched in November 2023. Through BarCode, Glanden provides advisory services, pentesting, training, and incident response with a team of seasoned industry experts.
In 2020, Glanden started the BarCode Security podcast to have engaging discussions with global cybersecurity leaders. As COVID restrictions lifted, he took the show on the road nationwide, recording live at venues like private yachts, tech meetups, and hacker conventions. The podcast and live events aim to educate on diverse perspectives in cybersecurity leadership and culture.
Concurrently, Glanden is producing his first documentary film “Inhuman,” focused on weaponized AI, slated for release in 2024. His approach across projects combines the technical aspects of cybersecurity with a creative and entertainment angle, emphasizing the importance of understanding the human side in establishing efficient security programs.
- David Lingenfelter
CISO, Penn Entertainment
David Lingenfelter is the Chief Information Security Officer at Penn Entertainment, responsible for ensuring the highest possible level of security for the rapidly changing risk landscape. David manages teams that oversee IT security and compliance for both the retail and digital aspects of the business. David believes that in order to implement a successful security program it’s important for everyone to understand the threats and risks that could adversely impact the business.
Prior to joining Penn Entertainment, David oversaw security for the MaaS360 mobile device management platform at IBM. During his tenure at IBM, David helped onboard and integrate the team supporting MaaS360 as part of the acquisition of Fiberlink Communications into IBM. Prior to the acquisition by IBM, David was the Information Security Officer at Fiberlink Communications working as part of the team that designed and built an early Software as a Service cloud model for its MaaS360 platform. David also led the charge for getting MaaS360 to be the first mobile device management platform certified for use by the federal government under the FedRAMP program.
As a member of the Cloud Security Alliance, David was co-chair of the Mobile Working Group, culminating in the publication of the “Security Guidance for Critical Areas of Mobile Computing”. David also gave input to early versions of the Cloud Control Matrix and other publications and is a former president of the Delaware Valley chapter of the Cloud Security Alliance. David’s career in IT security has always included a strong emphasis on awareness and understanding of the threats and risks associated with poor security. This passion for helping bring awareness to others has led David around the world giving presentations on multiple aspects of IT security and the overall impact on business and personal lives.
- Krista Arndt
Associate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Bistra Lutz
Director of Global Information Security Operations, Crown Holdings
Bistra has been in information security for 15 years, all of it spent in security operations/engineering for various industries, from financial to health care to consulting and, most recently, manufacturing. Bistra is a passionate blue teamer, likes experimenting with new technologies, and is a team builder with a knack for process improvement. She is currently preoccupied philosophizing about the (scary) generative AI and ZTA.
- Vana Khurana
Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.
- Happy Hour
- Richard Israelite
Sr. Director, Information Security, Addepar
Richard Israelite is Sr. Director of Information Security at Addepar. He is an information security leader with over 15 years' experience building and leading global teams in some of the world’s largest Financial Services firms as well as smaller, cloud native FinTech companies. Christopher Jennings is the head of Cyber Analytics and Data Operations for Information Security at BlackRock. He has held various positions in technology support and software development.
- Pete Lindstrom, Instructor
Leader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Jordan Fischer, Instructor
Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
Former Thomas R. Kline School of Law, Drexel University, Law Professor
Former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Cerena Coughlin
Special Agent, FBI
FBI Special Agent Cerena Coughlin is the Employment Recruiter and Applicant Coordinator for the Philadelphia Field Office and local Private Sector Coordinator overseeing InfraGard, a public/private partnership between the FBI and representatives of critical infrastructure. She was a member of the Los Angeles Innocent Images SAFE Team, where she participated in investigations of child exploitation, and was assigned to Counterterrorism squads in Los Angeles and Baltimore and Cyber in Philadelphia. Prior to joining the FBI in March 2001, Coughlin served as Director of Operations for an LA-based non-profit supporting students and educational institutions across the United States.
- Cheryl Carmel, Moderator
Owner, Carmel Consulting LLC
Ms. Carmel is a member of (ISC)2 where she holds her CISSP, and IAPP where she holds her CIPT. She is a member of InfraGard and has been on the Advisory Council for SecureWorld for many years.
Ms. Carmel began her career in technology with experience in application development, infrastructure operations, technical support, and teaching. She pivoted to focus on security in 1999. Her most recent role was VP of Security, Privacy, and Compliance at OnSolve, where she was responsible for maturing the program to successfully implement security controls to meet the rigors of FedRAMP, while maintaining the controls for ISO 27001, HIPAA, and privacy laws. Before that, she was the BISO at FIS (SunGard Financial Systems).
- Mark Eggleston, CISSP, GSEC, CHPS
CISO, CSC
Mark Eggleston is the chief information security officer (CISO) for CSC, responsible for the global security and privacy program design, operations and continual maturation. As a senior executive specializing in security and privacy program development and management, Mark’s unique background and expertise in information technology, program, and people management have positioned him as a thought leader and frequent industry speaker.
Mark started his career as a program manager and psychotherapist at a hospital serving children and adolescents. Later, Mr. Eggleston helped develop an internal compliance approach—complete with policies and tools—ensuring a geographically dispersed health care provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mr. Eggleston then transitioned to applying his HIPAA expertise at an HMO where he has implemented many successful security controls and technologies, including single sign-on (SSO), Identity and Access Management (IAM), Cloud Access security broker (CASB), and a vulnerability assessment program.
Mark received his Bachelor of Science in psychology from Radford University. Later, Mark received both his Master of Social Work and his post-baccalaureate certificate in management information systems from Virginia Commonwealth University. In addition, Mark holds CHPS, CHPS, and CISSP certifications.
- Rebecca Rakoski
Co-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section. Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- Aaron Weaver
Director of Cloud Security, Financial Services
Aaron Weaver has over 20 years' experience specializing in application and cloud security and providing training sessions at various international industry events. His work includes security consulting, penetration testing, threat modeling, and code reviews. Aaron also enjoys honey bees and recently has been experimenting with hive designs.
- Jordan Fischer
CEO & Founder, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- John Roskoph: SVP, IT, Caesars Entertainment
- Jose Acosta: Solution Engineer, Okta
Jose Acosta is a Solution Engineer at Okta, with more than 20 years of experience in the IT industry. He has specialized in Identity and Access Management, Business Analysis, and Software Engineering, honing his skills to become a trusted advisor and subject matter expert in these areas. Jose’s extensive IT experience has equipped him to lead numerous organizations through complex software implementation projects, utilizing technology to drive growth and improve profitability.
- Naiche Robison: Sales Engineer, Identity and Access Management, Thales
Naiche Robison is a Field Sales Engineer with Thales Group covering their Identity and Access Management Solutions: SafeNet Trusted Access and OneWelcome. With 16 years of channel/distribution experience covering multiple solutions, Naiche has worked with some of the biggest players in the field, from Palo Alto Networks to Aruba and Brocade, to provide customer-focused solution sets and technical expertise.
- Taylor Speaker: Sr. Sales Engineer, Orca Security
Taylor Speaker has been working in the information security industry for over 13 years. His experience includes working with organizations in the trading industry and technology startups, in addition to consulting across a wide variety of industries.
- Joseph Arahill, Moderator: Sr. Manager, Information Security, Affiliated Distributors
Joe Arahill is the Senior Manager of Information Security at Affiliated Distributors (AD). He oversees the people, processes, and technology that secures AD's infrastructure and business systems. Joe started his career in information security for a commercial loan software company, and for most of his career, he has worked in the financial sector, helping to secure systems and meet financial compliance requirements. Joe received his Bachelor of Science in Management of Information Systems and later a Master of Science in Information Assurance from Norwich University. In addition, Joe holds the CISSP and CISA certifications.
- Jim Cratty: Deputy Regional Director, Region 3, Cybersecurity and Infrastructure Security Agency
James Cratty currently serves as the Deputy Regional Director within DHS CISA Region 3. In this role, he is responsible for the coordination of critical infrastructure protection via the operational delivery of CISA resources to include training, vulnerability assessments, and efforts between the public and private sector to secure and ensure resilient infrastructure. This mission encompasses cyber, physical, communications, and chemical security. James joined CISA in 2017 as a Protective Security Advisor prior to becoming the Region’s Chief of Protective Security.
Prior to coming to CISA, James served with the U.S. Department of Homeland Security Federal Protective Service (FPS) from 2008 to 2017. He held many leadership positions to include the Deputy Regional Director for FPS Region 3. He was responsible for operational and support aspects of FPS program activities to include a broad range of law enforcement, criminal investigation, physical security, and protective security operations.
James began his law enforcement career with the Baltimore County Police Department (Baltimore, MD) in 1997. Being a police officer laid the foundation of his views on community involvement and collaboration to effectively provide law enforcement services. He served our country for 21 years as a Commissioned Infantry Officer in the Maryland Army National Guard. He worked over 20 state emergency incidents, always volunteering to lead military response efforts and/or work with the Maryland Emergency Management Agency. He was called to active duty two times post 9/11, the latter for an overseas combat tour for which he received a Bronze Star.
James graduated with a Bachelor of Arts Degree in Law Enforcement from Towson University (Towson, Maryland).
- Michael DaGrossa, Moderator: VP, Information Security, Genesis HealthCare
A mission- and customer-focused Senior Information Technology Risk Management professional with a strong concentration in Computer Security Initiatives, Governance, Risk Management and Forensics. Extensive experience in creating security and risk programs for companies of various industries, sizes, and complexities. Hands-on pen testing, application testing, social engineering and phishing program development and application. Strong threat intelligence background with the ability to decipher tactics, techniques, and procedures to minimize threat profiles across multiple business lines. Extensive experience in strategic systems planning, design and implementation utilizing structured methodologies. Seasoned team leader in successful Business Development and Sales activities possessing a keen ability to present solutions to senior leadership and technical management.
- Todd Bearman: VP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years. Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Brandi Burton: Deputy CISO / Sr. Director, Governance, Risk & Compliance, TE Connectivity
Brandi Burton has more than 25 years of experience in information and cyber security, with a specialty in technology risk management. Brandi has successfully helped companies in various industries design and lead information security and risk management programs that enable the organization's business strategies while meeting stakeholder expectations and regulatory obligations. Brandi pairs her expertise in information security with a keen business acumen in order to bridge the gap between geek speak and awesome business outcomes.
- Tom Brennan: CIO, Mandelbaum Barrett PC
Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.
As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.
- Chris Guarino: DevSecOps Lead, Vanguard
- Paul Lynch: Director, Information Security, CubeSmart
Paul Lynch, who has more than 20 years of experience in information technology, is Director of Information Security and Infrastructure for CubeSmart Self Storage. He has established security governance programs and best practices for government, non-profit, private, and publicly traded organizations ranging from technology startup to city. He holds several information security certifications, including Certified CISO, CISSP, ISSMP, and CCSP. He has served as a subject matter expert for EC-Council and (ISC)2, specializing in security governance and cloud security. He serves on the Customer Advisory Board for eSentire.
- Kelly Rogers, Host: Business Information Security Lead (BISO), Blackbaud
- Steve Naphy: CIO, Morgan, Lewis & Bockius LLP
Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.
- Nancy Hunter, Moderator: Board President, WiCyS Delaware Valley Affiliate
Nancy Hunter is the VP, CISO and Data Privacy Security Officer at the Federal Reserve Bank of Philadelphia. With more than 25 years of experience in technology including 15 years in Information Security, Nancy joined the Federal Reserve Bank in 2017 where she is accountable for Information Security Operations and Consulting, Information Risk Management, Records Management, and guides the implementation of the Bank’s data and system privacy program and serves as Bank representative in System data privacy policy setting. Nancy is certified in Risk and Information Systems Controls (CRISC) and holds a B.A. in Mathematics from Temple University.
- Pete Lindstrom, Instructor: Leader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Jordan Fischer, Instructor: Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.