Conference Agenda
  • Wednesday, November 8, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast
    (VIP / INVITE ONLY)
    3-time former CISO (vArmour, Sears, Silver Trail Systems), Founder and IT Security Strategist, Blue Lava Consulting
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 408
    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 1 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld PLUS session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that are currently using the NIST Cybersecurity Framework or are planning to use it for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas: Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, and manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor - Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:30 am
    Speaking to the C-Suite: Legal Terminology You Must Know
    Attorney, Newman Du Wors LLP
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 404

    Security professionals must communicate with executives to explain security risks and request remediation resources. It’s no secret that communication with executives is challenging for security professionals. This talk will teach legal terminology and how to find real-world examples of legal consequences to help you effectively convey your security risks and needs.

    8:30 am
    Beyond the Cybersecurity Medium Aevum – A Renaissance in Security Education
    Director of Technology, Center for Information Assurance and Cybersecurity, University of Washington
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 403

    This session will unpack and examine some of the unprecedented challenges faced by cybersecurity practitioners and educators today as the Internet dissolves organizational perimeters. We will explore how technical systems and existing cybersecurity knowledge can be rendered unreliable in "socio-technical" settings, and how the concept of "identity" is emerging as a security super-factor. We will also trace out 13 emerging mega-trends that each pose unfamiliar challenges for future information networks - and exceptional opportunities for prepared cyber-professionals and citizens.

    8:30 am
    DFIR Redefined: Deeper Functionality for Investigators with R
    Principal Security GPM, Microsoft
    Senior Data Scientist, Microsoft
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 406

    Those of us who operate within the constructs of digital forensics and incident response understand the nuances of the related acronym (DFIR) intimately. This presentation will offer insight into a slightly different take on DFIR using R, the open source programming language and software environment for statistical computing and graphics. Forensics and incident response both suffer from, and can benefit from, the data explosion. That said, modern DFIR programs are obligated to embrace and attempt to master security data science. Doing so effectively can lead to vastly improved visualization and behavioral analysis. We'll discuss such opportunities and provide an overview of some basic tools, tactics and procedures to get you started. Code examples will be included and shared for practice and exploration.

    8:30 am
    A Cybersecurity Policy That Crosses Borders
    Creating policy during global uncertainty
    Principal, ASA Risk Consultants, Annie Searle & Associates LLC (ASA); and Lecturer, The University of Washington
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    Searle will discuss a global cybersecurity policy initiative that she is working on with the University of Washington's Jackson School of International Studies and the Wilson Center in Washington, D.C. She’ll speak more broadly on how cybersecurity policy can influence international law and regulation.

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    LUNCH KEYNOTE: Building and Nurturing Your Modern Cybersecurity Risk Programs
    3-time former CISO (vArmour, Sears, Silver Trail Systems), Founder and IT Security Strategist, Blue Lava Consulting
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    In this presentation, Demetrios Lazarikos (Laz) will explore topics that are top of mind for Fortune 1000 Executives, Board of Directors, and practitioners that have direct involvement in building and assessing modern cybersecurity strategies and programs. Additionally, Laz will provide real world examples and best practices to effectively create, support, and evaluate the lifecycle of cybersecurity programs—a pragmatic session that is not to be missed.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable: Impacts of GDPR on Security
    (VIP / Invite Only)
    CISO, DocuSign
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408
    11:15 am
    Trend Micro: Security Automation in the Cloud
    Principal Engineer, Trend Micro, Inc.
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 405

    How do you properly apply security in a Cloud Computing environment without creating complexity? Automation is key. In this session we will discuss the drivers for security automation and how it can be achieved not only through API-based security automation but also through what are normally considered detection controls.

    11:15 am
    Equifax and The “Reasonable” Cybersecurity Standard
    CEO, Cyber Risk Opportunities, LLC
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 406

    The Equifax data breach announced on September 7th will surely drive a good chunk of the $6 trillion in worldwide damages expected from cybersecurity breaches by 2021, as recently predicted by Cybersecurity Ventures. Given over 140 million records were exposed, it's appropriate to ask "Did Equifax practice reasonable cybersecurity?" And, what is "reasonable" cybersecurity anyway? Does it apply to me? How? Come join us for a lively session and find out!

    11:15 am
    Risk Modeling 101
    Cyber Security Architect, Symetra
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 403

    This session will help you understand the process of building risk or threat models that include both IT and business logic. The intended result is a prioritized list of work to be performed to reduce the overall risk footprint and identify potential threats to your company.

    11:15 am
    Analyze Two Wire Fraud Cases With One Potential Commonality
    Join this interactive discussion about the source of wire fraud scams.
    Certified Computer Examiner, CTIN
    Certified Computer Examiner, CTIN
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 402

    Allison and Jeff worked on two separate wire fraud cases by analyzing hard drives and email accounts long after the events. Jeff was able to find very strong evidence indicating one of the attacks was an "inside job." But there was an odd commonality in both. Is it relevant, and if so, to what extent? We'd like to hear the opinions of other experts.

    11:15 am
    Radware: Cyber War Chronicles – Stories from the Virtual Trenches
    Security Evangelist, Radware
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 404

    2016 saw a continuation of some cybersecurity threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cybersecurity.

    12:00 pm
    Advisory Council Lunch Roundtable: Equifax and Other Breaches-Post Mortem Analysis: How Did This Happen?
    (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408
    12:15 pm
    LUNCH KEYNOTE: Optiv - Guilty by Association: Changing the Paradigm of Managing Third-Party Risk
    Vice President, Information Risk Management, Optiv
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Over 50% of all security breaches originate from a third-party breach. How can you extend your internal security practices to your third parties? This session details how to establish a third-party IT risk management program using five repeatable steps. Using firsthand experience from managing a large number of third parties, the speaker will discuss what works and what doesn’t.

    1:15 pm
    OneTrust: EU Privacy Update: All About the New Disruptive Regulation, The GDPR
    GDPR Solutions, OneTrust
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: 406

    As a new era of privacy regulations approaches, security and compliance professionals need to make the GDPR a top priority by building privacy into their security plans. In this session, we'll discuss the key components and importance of the EU's GDPR, and how it directly affects the security professional, from data mapping and classification to strict incident response requirements. We’ll also address the importance of demonstrating ongoing compliance, and how privacy management software can support security and compliance teams.

    1:15 pm
    Panel: Beware the Highwaymen: Rise of the Cyber Criminal
    Sr. Compliance Officer, CenturyLink Business
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    Modern civilization has always been plagued by various classes of criminals. Travelers would hire guards to protect their caravans from hijackers. Thieves came up with various ploys to trick travelers on the road. In today’s day and age the advent of interconnected devices, allowing for portability of corporate secrets, has given rise to a completely different class of nefarious actors. Cyber criminals range from those bent on stealing your personal information to “cyber terrorists” who have the capability to inflict harm on a much wider scale. Uninhibited by current laws, they are very effective given the speeds of networks, lack of appropriate security controls, and the anonymous nature of the attacker. Making matters worse, the crime may be perpetrated by entities outside of the legal jurisdiction where the unlawful act took place. This panel will explore the tools these criminals use, what can be done to prevent them, and how to safeguard your data.
    Panelists:
    Carol Sun, InfoSec Institute
    Ron Winward, Radware
    Justin Woody, FireEye
    Eric Thomas, ExtraHop
    Moderator: Mike Metzler

    1:15 pm
    Panel: Hazards on the Horizon - Emerging Threats
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile malware, social engineering, and everything in between, information security has transformed. In order to stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.
    Panelists:
    Jon Clay, Trend Micro
    Kellen Christensen, Dasher Technologies
    Hariom Singh, Qualys
    Tom Gallo, Symantec
    Gary Southwell, CSPi
    Moderator: Dan Lohrmann

    1:15 pm
    Forcepoint: Practical Human Centric Security
    CTO, Insider Threat, Engineering, Forcepoint
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 405

    A real world view on human centric security and investigations. A practical breakdown of how insider threat is different than typical cybersecurity with a focus on operational and technical considerations.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Panel: Manage the Damage - The Current Threatscape
    Executive Consultant, ISSA Distinguished Fellow
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 404

    Every week we learn about some business, government entity, bank, or healthcare entity in the news that has been hacked. Oftentimes the intruders had been sitting collecting information for months before being discovered. Now more than ever it is crucial for organizations to develop, practice, and fine-tune their incident response plans. When do you get law enforcement involved? What about the legal team or PR? Will your business recover? This panel discussion will tackle these issues as well as your questions on what you need to know after the hack.
    Panelists:
    Imry Linden, CyberArk
    Peter McNaull, LogRhythm
    Karthik Krishnan, Aruba Networks
    Andrew Cook, Delta Risk
    Bill Shelton, ThinAir
    Moderator: Jean Pawluk

    3:00 pm
    Eliminating Eeny, Meeny, Miny, Moe Syndrome: How Modeling Access Influences Control Application
    Deputy Director Strategic Programs, UHG
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 406

    Global security spending topped $75 million in 2015, yet we continue to experience significant security breaches. Maybe it’s because picking controls has become a game wherein anyone with the ability to read a spreadsheet and a budget can select and purchase controls. Compromise continues to occur when we don’t understand opportunities for access. This presentation will examine how to identify access opportunities along with methodologies for selecting effective controls.

    3:00 pm
    Juniper Networks: Software-Defined Secure Networking
    Security Architect, Juniper Networks
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 403

    Software-Defined Secure Networking (SDSN) presents an evolutionary leap in Security effectiveness, accomplishing in seconds what would take human analysts hours or days. Join us to hear in-depth technical analysis of modern malware infection methods, command and control channels, and learn how SDSN realigns incident response and prevention to scale with accelerated attack and exfiltration present in modern attacks.

    3:00 pm
    Your Board Wants To Hear From You. Now What?
    Vice President and Chief Information Security Officer, Premera Blue Cross
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 405

    Governing boards of organizations are increasingly motivated to know and influence their organization’s security management. Security professionals have long-identified the importance and need to meet with their corporate board. Now that boards want to hear from the CISO, are CISOs ready to be heard?

    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 303

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    3:00 pm
    SecureWorld PLUS Part 2 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 401

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld PLUS session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 407

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that are currently using the NIST Cybersecurity Framework or are planning to use it for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas: Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, and manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor - Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    4:30 pm
    Optiv Reception
    Join Optiv and Partners for Happy Hour!
    Registration Level: Open Sessions
    4:30 pm - 8:30 pm
    Location / Room: Cast Iron Studios - 10650 NE 4th St. Bellevue

    Join your peers for complimentary hors d'oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the Seattle / Bellevue area, and to discuss the hot topics from the day. The Cast Iron Studios is a short walk from the Meydenbauer Center.

    Register Here: https://live.optiv.com/profile/form/index.cfm?PKformID=0x35379abcd&

    Please Note: This event is for SecureWorld attendees and Optiv partners only. Thank you.

    Cast Iron Studios
    10650 NE 4th St.
    Bellevue, WA 98004

  • Thursday, November 9, 2017
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 3 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that are currently using the NIST Cybersecurity Framework or are planning to use it for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas: Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, and manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor - Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    InfraGard Chapter Meeting and Presentation: Cybersecurity 101 - An Introduction to DHS Services
    Open to all Attendees
    Cybersecurity Advisor, Region X, NPPD Office of Cybersecurity & Communications
    Registration Level:
    • Open Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
    8:00-8:30 a.m. - Networking
    8:30-9:15 a.m. – Speaker Presentation: Cybersecurity 101 - An Introduction to DHS Services

    8:30 am
    How to Build a Secure Cloud Solution That Can Pass a Compliance
    Distinguished Fellow, ISSA
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 406

    The session will explore how you can implement a cloud solution that is secure by design and compliant by default. The session and demo will show developers, architects, designers, and operators what it takes to build a secure and compliant solution in the cloud.

    8:30 am
    Lessons Learned From a Real Security Incident That You Need to Take Public
    CISO, DocuSign
    Registration Level:
    • Open Sessions
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    This presentation will cover lessons learned from an actual public security incident. We will discuss what worked and what didn't, and what you need to be prepared if you have an incident.

    8:30 am
    Regulatory Scope Creep: We’re All Third Parties Now
    Founder and President, Critical Informatics
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 404

    This presentation will go over requirements that apply specifically to covered entities that are being increasingly applied to vendors, service providers, and business partners.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: The Internet of Threats - A Look at Macro Trends in Technology and the Ever Expanding Cyber Threat Landscape
    FUD is back, can you pitch it correctly?
    CISO, Cigna
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable: ISO 27001 and Privacy Regulations
    (VIP / Invite Only)
    CISO, Unify Square
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408
    11:15 am
    GDPR: Mapping Tools & Resources
    Sr. Enterprise IT Compliance & Risk Trainer, Bellevue College
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 406

    This session is a “dip your toe in the water” brief overview of GDPR, and provides basic and publicly available mapping resources to give individuals and organizations the means to begin identifying, understanding and mapping GDPR requirements to their respective data assets.

    11:15 am
    Gigamon: The Squeaky Wheel Gathers No Moss
    How to use the GigaSecure platform to run your Security Operations Center.
    Fellow Security Architect & CISO, Gigamon
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 402

    In most companies, the IT department is stretched thin. Their ability to provide data to the security operations center is limited. Arguably some of the most important data to security is packets. They’re one of the most useful sources of intel to a SOC and one of the hardest for IT Ops to deliver.

    Learn how the GigaSecure platform enables the Security Operations team to deliver on their mission without causing network resource exhaustion. The GigaSecure Platform lets the security team provide their tools clean packet flows without dealing with firewall changes or network overhead. The security team’s ability to deliver doesn’t need to burden the IT and Network team.

    11:15 am
    BluVector: The Next Evolution of Malware
    Chief Data Scientist & Development Director, BluVector
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 403

    Malware has become the new weapon of choice for cybercriminals. It enables even non-technical criminals to produce highly effective and profitable cyberattacks with little effort. If you’re not already working to protect your network, you’re already at risk.

    Attend with BluVector’s Chief Data Scientist to learn:
    · How damaging destructive malware can be
    · How this new malware operates
    · Why your current malware detection will likely miss destructive malware
    · How newly developed techniques with supervised machine learning can help detect destructive malware

    11:15 am
    Internet Society / Online Trust Alliance: Are You Ready For the Next Data Breach Hurricane? Lessons from Equifax
    Online Trust Alliance, Chairman Emeritus & Founder
    Partner Cybersecurity & Data Privacy, White Collar, Investigations, Securities Litigation & Compliance, Orrick LLP
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 404

    Once again consumers have been faced with a breach of epic scale, underscoring the need to address the basics and prepare for the worst. Increasingly, organizations are demonstrating their inability to protect consumer data and a lack of fiduciary responsibility for the consumers impacted. This session will explore what is known and what "building codes" are required moving forward.

    11:15 am
    Cybersecurity & GRC Metrics That Tell a Story!
    Senior Associate, KPMG LLP
    Manager, KPMG LLP
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 405

    The success and failure of modern enterprises is dependent on the ability to quantify cyber risk, understand cyber risk appetite and conduct fact-based decision making. Between complicated data outputs and information overload, many businesses either don’t have visibility into their information security systems or aren’t using data to its highest potential. Learn how you can revolutionize your cyber security reporting capabilities and produce robust, action-oriented reports and visualizations. In this session you will:
    o Understand the challenges that many customers face with cyber security reporting and metrics
    o Discuss critical success factors for reporting for improved risk-based decision making
    o Learn how you can enable advanced metrics and visualization with leading-edge technology solutions and the latest in industry trends.

    12:00 pm
    Advisory Council Lunch: How are Companies That Are Storing Data in the Cloud Protecting Their Data?
    (VIP / INVITE ONLY)
    Sr. Client Technology Architect, CenturyLink
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408
    12:15 pm
    LUNCH KEYNOTE: Surviving the Siege – Medieval Lessons in Modern Security
    CISSP, President, O'Leary Management Education
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    1:15 pm
    CSPi: How to Unite InfoSec and DevOps to Achieve Security Without Compromise
    GM & VP Security Products Division, CSPi
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 406

    Data breaches are not going away. As organizations move to an agile DevOps model, how do they manage the existing information security processes to ensure data privacy? What organizations really need to focus on is how to make breaches irrelevant so that they do no harm. In this presentation, CSPi will review best practices and a framework that harmonizes the need for stringent InfoSec, across any environment, yet maintains the agile benefits of DevOps while providing automated protection of critical data under any use.

    1:15 pm
    RSA: Addressing the Identity Risk Attack Challenge
    Advisory Solutions Architect, RSA
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 405

    In today’s identity-based access world, identities themselves have become the leading cyber attack channel.
    Traditional IT and IAM controls are no longer effective to manage today’s changing identity risk situation. Where before there was a core set of applications, VPN control and an established perimeter, now that perimeter is vanishing, and the attack surface is expanding.

    In today’s session we will look at a methodology to reduce risk against:
    • Expanding internal and external populations needing resource access
    • Proliferating number of applications: growth of the cloud and islands of identity in today’s always-on business
    • Increasing compliance failure: growing compliance and regulatory requirements with greater scrutiny
    • Minimum and ineffective sets of Control Objectives and Processes

    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.
    Panelists:
    Michael Stuyt, SailPoint
    Gina Osmond, Venafi
    Michael Feiertag, tCell
    David Hawkins, Centrify
    Moderator: Bruce Lobree

    1:15 pm
    Panel: The Court Jester Has the Crown Jewels (Ransomware)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Way back in the day if you wanted to get someone to bend to your will you could just kidnap the princess or steal the Crown Jewels. Kingdoms would do just about anything to get these things back. It was probably a bit easier to grab the princess and leave a note with your demands. The exchange of coin for the princess was a risky maneuver but worth the reward if you escaped. Now it just takes one foolish click to become a victim of ransomware. Sadly, they are not easily caught when you make the trade with bitcoin. This panel will talk about the current schemes happening with ransomware and how you can try to keep the Crown Jewels safe.
    Panelists:
    Donald Meyer, Check Point Security
    Ryan Peters, Bluvector
    Mat Gangwer, Rook
    Ed Metcalf, Cylance
    Brian Lain, Lastline
    Moderator: Jake Bernstein

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    The Rise of Wearable Payment Smartwatches and the Need For Security
    Business Development Director, Newport Technologies
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 405

    Wearable smartwatches aren't just for health and fitness; they are also going to be used by busy business executives for mobile payments, especially for mass transportation sectors. Since they will use NFC at the turnstile in the subway, in the taxi, or on a bus, the payment credentials need to be stored in tamper-resistant security enclaves. Karl will explain all the methods currently being used on mobile devices to secure wearable smartwatches that have NFC for mobile payment.

    3:00 pm
    10 Steps to Mastering Cybersecurity for Parents
    CEO, Cyber Risk Opportunities, LLC
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 406

    Kids do what their parents do. So, parents need to practice good cyber hygiene and then teach those habits to their kids. They also need to enforce healthy boundaries on Internet usage. We'll explore specific risks to kids using the Internet along with specific things parents should be doing to minimize those risks. These lessons are drawn from my experience both at work and at home and are based on what we do with our family.

    3:00 pm
    Resiliency: Defense Lessons Learned from WannaCry and Petya
    Lt Colonel, US Air Force (Ret)
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 404

    Ransomware is a growing cyber attack method that has proven to be destructive to your business. Learn how to protect your data and infrastructure in this highly interactive session where you learn from your peers.

Exhibitors
  • Arbor Networks
    Booth: 340

    Arbor Networks is the leading provider of network security and management solutions for enterprise and service provider networks. Arbor Networks protects enterprises from distributed denial of service attacks and advanced malware using Arbor’s global network intelligence. Arbor's proven solutions help grow and protect customer networks, businesses and brands.

  • Aruba
    Booth: 220

    Aruba, a Hewlett Packard Enterprise company (NYSE:HPE), introduces Aruba 360 Secure Fabric, an enterprise security framework that gives security and networking teams an integrated, more comprehensive way to gain visibility and control of their networks. It provides a quick way to respond to cyberattacks across multivendor infrastructures, with support for hundreds to thousands of users and devices. It’s the only solution that combines a complete campus, branch, and cloud-connected network infrastructure with built-in security, along with secure network access control and advanced threat detection and response – for any network.

    To learn more, visit Aruba 360 Secure Fabric at http://www.arubanetworks.com/solutions/security/ . For real-time news updates follow Aruba on Twitter and Facebook, and for the latest technical discussions on mobility and Aruba products visit Airheads Social at http://community.arubanetworks.com.

  • Avecto
    Booth: 172

    Avecto is a leader in Privilege Elevation and Delegation Management. Since 2008, the company has enabled over 8 million users to successfully work without admin rights, enabling many of the world’s biggest brands to achieve the balance between overlocked and underlocked environments.

    Avecto’s Defendpoint software has been deployed in the most highly regulated industries, enabling organizations to achieve compliance, gain operational efficiency and stop internal and external attacks.

    Defendpoint combines privilege management and application control technology in a single lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business – across Windows and Mac desktops and even in the data center.

    Actionable intelligence is provided by Defendpoint Insights, an enterprise class reporting solution with endpoint analysis, dashboards and trend data for auditing and compliance.

  • Bay Pay Forum
    Booth: n/a

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • Binary Defense Systems
    Booth: 408

    BDS is a company that works with you to understand your environment and what you have, and to build defenses to combat what we face today and the attacks of tomorrow. Technology is continuously changing, businesses change every day – in order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways of detecting how attackers breach your network. An added bonus with BDS – continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • BluVector, Inc.
    Booth: 336

    BluVector helps security teams respond to malicious threats up to 80% faster than current approaches. As a leader in Network Security Monitoring & Analytics, BluVector applies supervised machine learning and automation so security teams can detect and respond to advanced security threats at digital speed. For more information visit: www.bluvector.io

  • CA Technologies
    Booth: 148

    CA Technologies helps customers succeed in a future where every business— from apparel to energy— is being rewritten by software. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live— from the data center to the mobile device.

    Our business management software and solutions help our customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure. Our goal is to help organizations develop applications and experiences that excite and engage and, in turn, open up money-making opportunities for their businesses.

  • Carbon Black
    Booth: 101

    Carbon Black is the market leader in next-generation endpoint security. The company expects that by the end of 2015 it will achieve $70M+ in annual revenue, 70 percent growth, 7 million+ software licenses sold, almost 2,000 customers worldwide, partnerships with 60+ leading managed security service providers and incident response companies, and integrations with 30+ leading security technology providers. Carbon Black was voted Best Endpoint Protection by security professionals in the SANS Institute’s Best of 2014 Awards, and a 2015 SANS survey found that Carbon Black is being used or evaluated by 68 percent of IR professionals. Companies of all sizes and industries—including more than 25 of the Fortune 100—use Carbon Black to increase security and compliance.

  • Centrify
    Booth: 338

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • Check Point Security
    Booth: 314

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • CIOReview
    Booth: n/a

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Cloud Security Alliance (CSA)
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • CrowdStrike
    Booth: 140

    CrowdStrike was founded in 2011 to fix a fundamental problem: The sophisticated attacks that were forcing the world’s leading businesses into the headlines could not be solved with existing malware-based defenses. Co-founders George Kurtz and Dmitri Alperovitch realized that a brand new approach was needed — one that combines the most advanced endpoint protection with expert intelligence to pinpoint the adversaries perpetrating the attacks, not just the malware.

  • CSPi
    Booth: 216

    At CSPi we are committed to helping our customers meet some of computing’s most demanding performance, availability and security challenges.

    Today’s security teams receive a great deal of real-time information and intrusion alerts, generated from their security equipment and tools; yet, the volumes of data make it nearly impossible for incident response teams to validate a data breach. With our Myricom nVoy Series solution we offer our customers a new approach to cyber threat identification and investigation – a rapid breach response solution that identifies alerts associated with a specific asset and provides an extraction of the entire set of conversations associated with that breach. This detailed data is crucial in performing timely and accurate analysis needed to comply with data-privacy regulations such as GDPR, PCI DSS, HIPAA, SOX, and 48 different U.S. state laws related to PII.

  • CTIN
    Booth: TBD

    CTIN has been providing high tech crime fighting training since 1996 in the areas of high-tech security, investigation, and prosecution of high-tech crimes for both private and public sector security and investigative personnel and prosecutors. CTIN sponsors training from experts world-wide for the benefit of private organizations and law enforcement agencies.

  • Cyber-Ark Software
    Booth: 320

    Cyber-Ark® Software is a global information security company that specializes in protecting and managing privileged users, sessions, applications and sensitive information to improve compliance, productivity and protect organizations against insider threats and advanced external threats. With its award-winning Privileged Identity Management, Privileged Session Management and Sensitive Information Management Suites, organizations can more effectively manage and govern data center access and activities, whether on-premise, off-premise or in the cloud, while demonstrating returns on security investments.

  • Cybereason
    Booth: 304

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason's behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cylance
    Booth: 156

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 310

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • Dasher Technologies
    Booth: 324

    Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives.

  • Delta Risk
    Booth: 218

    Delta Risk was founded in 2007 from a vision of strategic and operational effectiveness to assist private sector and government organizations in understanding their current cyber security posture and building advanced cyber defense and risk management capabilities. We are a global provider of strategic, operational, and advisory solutions, including managed security services and security consulting services. Delta Risk is a Chertoff Group company.

  • Digital Guardian
    Booth: 232

    Digital Guardian provides the industry’s only threat aware data protection platform that is purpose built to stop data theft from insiders and outside adversaries. The Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, to make it easier to see and block all threats to sensitive information.

  • DirectDefense
    Booth: 306

    Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

    Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

  • Duo
    Booth: 204

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth: n/a

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endace
    Booth: 208

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • ExtraHop
    Booth: 222

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • Fidelis Cybersecurity
    Booth: 346

    Fidelis Cybersecurity protects the world’s most sensitive data by equipping organizations to detect, investigate and stop advanced cyber attacks. Our products, services and proprietary threat intelligence enable customers to proactively face advanced threats and prevent data theft with immediate detection, monitoring and response capabilities. With our Fidelis Network and Fidelis Endpoint, customers can get one step ahead of any attacker before a major breach hits. To learn more about Fidelis Cybersecurity, please visit www.fidelissecurity.com and follow us on Twitter @FidelisCyber

  • FireEye
    Booth: 124

    FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 5,000 customers across 67 countries, including more than 940 of the Forbes Global 2000.

  • Forcepoint
    Booth: 112

    Forcepoint safeguards users, data and networks against the most determined adversaries, from insider threats to outside attackers, across the threat lifecycle – in the cloud, on the road, in the office. It simplifies compliance and enables better decision-making for more efficient remediation, empowering organizations to focus on what’s most important to them.

  • Gemalto
    Booth: 160

    SafeNet and Gemalto have joined forces to create the worldwide leader in enterprise and banking security from core data protection to secure access at the edge of the network. Together, we protect more data, transactions, and identities than any other company, delivering security services that are used by more than 30,000 businesses and two billion people in more than 190 countries around the world. We support 3,000 financial institutions and secure more than 80% of the world’s intra-bank fund transfers, and protect the world’s leading software applications.

  • Gigamon
    Booth: 116

    Gigamon (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and performance. Gigamon’s Visibility Fabric™ and GigaSECURE®, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprises, government, and service provider networks operate more efficiently.

  • GuidePoint Security LLC
    Booth: 204

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.

  • IBM
    Booth: 162

    Digital is the wires, but digital intelligence, or artificial intelligence as some people call it, is about much more than that. This next decade is about how you combine those and become a cognitive business. It’s the dawn of a new era.

  • IBM Resilient
    Booth: 308

    IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 150 global customers, including 50 of the Fortune 500, and hundreds of partners globally. Learn more at www.resilientsystems.com.

  • Infoblox, Inc
    Booth: 168

    For 17 years, we’ve been the market leader for core network services, including DNS, DHCP, and IP address management, a category known as DDI.

  • InfoSec Institute
    Booth: 202

    InfoSec Institute provides award-winning security awareness and training solutions. We deliver certification-based training courses for security professionals and enterprise-grade security awareness and phishing training for businesses, agencies and institutions of all sizes. Rooted deeply in science-backed education methods that achieve measurable results, our security solutions fortify your organization against harmful and expensive security threats. Our mission is to transform the largest information security risk -- your workforce -- into your strongest line of defense.

  • Institute of Internal Auditors (IIA)
    Booth: TBD

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • Infragard – Evergreen / WA chapter
    Booth: TBD

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State and over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISACA
    Booth: TBD

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA Puget Sound Chapter
    Booth: TBD

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Ixia
    Booth: 326

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks.
    Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Juniper
    Booth: 412

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • Kaspersky Lab
    Booth: 318

    In 1999, Kaspersky Lab was the first company to introduce integrated antivirus software for workstations, file servers and application servers running on Linux/FreeBSD operating systems. Today, the company offers a whole range of effective corporate security solutions for the most popular operating systems specifically designed for different types of businesses. The company’s product range covers all of the main information security requirements that businesses and large state organizations have to adhere to, including: excellent protection levels, adaptability to changing circumstances, scalability, compatibility with different platforms, high performance, high fault tolerance, ease of use and high value.

    One of the primary advantages of Kaspersky Lab’s corporate range is the easy, centralized management provided by Kaspersky Security Center that extends to the entire network regardless of the number and type of platforms used.

  • Lastline
    Booth: 344

    Lastline is innovating the way companies detect active breaches caused by APTs, targeted attacks and evasive malware with its software-based Breach Detection Platform. Inspection of suspicious objects occurs at scale in real-time using a full-system emulation approach to sandboxing, and superior to VM based and OS emulation techniques. Lastline is the only company to achieve 100% detection with 0 false positives in an NSS Labs Breach Detection Test (2016). Lastline's patented technology correlates network and object analysis for timely breach confirmation and incident response. Headquartered in California.

  • LogRhythm
    Booth: 144

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Malwarebytes
    Booth: 348

    Malwarebytes provides anti-malware and anti-exploit software designed to protect users against zero-day threats that consistently escape detection by traditional endpoint security solutions. Malwarebytes Anti-Malware earned an “Outstanding” rating by CNET editors, is a PCMag.com Editor’s Choice, and was the only security software to earn a perfect malware remediation score from AV-TEST.org. That’s why large Enterprise businesses worldwide, including Disney, Dole, and Samsung, trust Malwarebytes to protect their mission-critical data. For more information visit www.malwarebytes.com/business

  • Mimecast
    Booth: 330

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • New Tech Seattle
    Booth: TBD

    Seattle's largest ongoing monthly event with more than 5,600 members. New Tech Seattle is the place where you'll always make great connections, enjoy great food and drinks, learn about new companies doing cool things, laugh, smile, and have a fun night out. And most importantly, you'll discover the people, partners, organizations, and resources to help you to build your dreams.

    It's your community, we just love it and give everyone a place to play together. New Tech Seattle happens on the 2nd or 3rd Tuesday of every month. You can also join us on the 1st or 2nd Tuesday of every month at New Tech Eastside if you spend more time in Kirkland, Bellevue, Redmond, and the surrounding cities.

  • Northwest Tech Alliance (NWTA)
    Booth: TBD

    The Northwest Tech Alliance (NWTA) is an independent technology association dedicated to bringing together some of the brightest minds from the technology industry.
    NWTA events are focused on helping attendees:
    · Network with other technology industry professionals
    · Provide education and information relative to the latest technologies and industry trends
    · Generate opportunities for personal, professional and business growth
    · Promote the Puget Sound area as a desirable place to start and grow successful technology companies
    · Learn about local food/chefs, wineries, breweries, and distilleries
    · Support local businesses and give back to the community
    · Build lifelong relationships

  • Okta
    Booth: 108

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • OneTrust
    Booth: 300

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • Online Trust Alliance (OTA)
    Booth: 300

    The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust, while promoting innovation and the vitality of the internet. OTA’s goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.

  • Optiv
    Booth: 136

    Optiv is the largest holistic pure-play cyber security solutions provider in North America. Our diverse and talented employees are committed to helping businesses, governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to security program strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identity and access management, and managed security.

    Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

  • Palo Alto Networks
    Booth: 217

    Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.

  • Proofpoint
    Booth: 316

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Qualys, Inc.
    Booth: 312

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 206

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rook
    Booth: 152

    Rook Security provides 24/7 Managed Detection and Response to prevent incidents from impacting business operations. We unite the brightest minds in digital defense with the most advanced, rapid-to-deploy technology to protect your organization. As a managed service, there is no need to worry about configuring, monitoring, or managing technology – our team does the hard part for you.

  • RSA Security
    Booth: 132

    RSA’s business-driven security solutions help customers comprehensively and rapidly link security incidents with business context to respond effectively and protect what matters most. With award-winning solutions for rapid detection and response, identity and access assurance, consumer fraud protection, and business risk management, RSA customers can thrive in an uncertain, high-risk world.

  • SailPoint
    Booth: 100

    In 2005, Mark and Kevin set out to create a new type of company – one that promised to provide innovative solutions to business problems and an exciting, collaborative work environment for identity rock stars. Together, we’re redefining identity’s place in the security ecosystem.

    We love taking on new challenges that seem daunting to others. We hold ourselves to the highest standards, and deliver upon our promises to our customers. We bring out the best in each other, and we’re having a lot of fun along the way.

  • Security Scorecard
    Booth: 204

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. The company’s approach to security focuses on identifying vulnerabilities from an outside perspective, the same way a hacker would. Visit us at www.securitysecorecard.com

  • Skybox Security
    Booth: 226

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Splunk
    Booth: 102

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Structured
    Booth: 412

    Structured is a leading information technology consultancy and systems integrator that has partnered with hundreds of clients throughout the U.S. to maximize the value of IT.

    For two decades, Structured consultants have collaborated with CIOs and IT departments to develop and implement technology strategies that drive measurable improvements throughout the organization.

  • Sumo Logic
    Booth: 224

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Symantec
    Booth: 128

    Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter and LinkedIn.

  • tCell
    Booth: 328

    tCell protects web applications and API services from attacks. Using advanced Runtime Application Self-Protection functionality, tCell secures web applications in production using server-side instrumentation, browser-side instrumentation, and cloud-based analytics. tCell is the only solution for companies leveraging DevOps, Agile, or microservices to protect their applications without code or network changes. Whether applications are on-premises or cloud-based, tCell’s unique approach makes application security easy. Funded by Menlo Ventures, A Capital, Allegis Capital, Webb Investment Network, CrunchFund, and SV Angel.

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • ThinAir
    Booth: 322

    ThinAir simplifies information visibility and security, and enables insider threat and information leak investigation in 90 seconds. ThinAir has built the world’s first insider detection and investigation platform that answers sophisticated questions about information creation, consumption, and communication, empowering security and IT professionals to have instant data-element level visibility in real time and historically. To learn more visit thinair.com and connect with us on Twitter @thinairlabs and LinkedIn.

  • Trend Micro
    Booth: 210

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we're recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • Thales e-Security
    Booth: 164

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • TrustedSec
    Booth: 303

    Our #1 priority is you, our customer. We believe in our services and our quality of them. We truly care about each and every organization as much as you do. Our team is highly talented, skilled, senior, and not a commodity service like other INFOSEC consulting companies. TrustedSec’s model is to staff with only senior level resources and the highest quality of information security consulting. Our brand, reputation, and quality are how we have established ourselves in this industry and with the mindset of “always doing the right thing”. When we work with our customers, it’s more than “just another engagement” – it’s establishing an understanding with an organization, and working to make them better.

  • Venafi
    Booth: 406

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

Keynote Speakers
Speakers
  • Demetrios Lazarikos
    3-time former CISO (vArmour, Sears, Silver Tail Systems), Founder and IT Security Strategist, Blue Lava Consulting

    Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the Founder and IT Security Strategist for Blue Lava Consulting.

    Laz has more than 30 years' experience in building and supporting some of the largest InfoSec programs for financial services, retail, hospitality, and transportation verticals. Some of his past roles include: CISO at vArmour, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA.

    Laz is an Adjunct Professor at Pepperdine University's Graziadio School of Business and Management. He holds a Master’s in Computer Information Security from the University of Denver and an MBA from Pepperdine University, and has earned several security and compliance certifications.

  • John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader, serving as a keynote speaker on security and security awareness training and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • Jake Bernstein, Esq.
    Attorney, Newman Du Wors LLP

    Jake is a former Washington State Assistant Attorney General who now represents companies subject to investigations and actions brought by federal and state regulatory agencies, including the FTC and state attorneys general. He provides privileged cybersecurity assessments and strategic planning in addition to advertising, marketing, regulatory compliance, and privacy advice.

  • Scott David
    Director of Technology, Center for Information Assurance and Cybersecurity, University of Washington

    Scott L. David, J.D., LL.M., is the Director of Policy at the Center for Information Assurance and Cybersecurity (CIAC) at the University of Washington. Scott is a member of the World Economic Forum's Global Futures Council on Digital Economy and Society, and the WEF Initiative on Ethics of AI and Machine Learning. Previously, Scott worked as an attorney for 30 years, counseling commercial and governmental entities worldwide in the structures and transactions of technology and business networks including issues of data security, ecommerce, privacy, standards setting, IP, telco, and tax. Scott was a partner at K&L Gates from 1992 to 2012.

  • Russ McRee
    Principal Security GPM, Microsoft

    Russ McRee is Group Program Manager of the Blue Team for Microsoft’s Windows & Devices Group (WDG). He writes toolsmith, a monthly column for information security practitioners, and has written for other publications including Information Security, (IN)SECURE, SysAdmin, and Linux Magazine.

    Russ has spoken at events such as DEFCON, DerbyCon, BlueHat, Black Hat, SANSFIRE, and RSA, and is a SANS Internet Storm Center handler. He serves as a joint forces operator and planner on behalf of Washington Military Department’s cyber and emergency management missions. Russ advocates for a holistic approach to the practice of information assurance as represented by holisticinfosec.org.

  • Eric Kapfhammer
    Senior Data Scientist, Microsoft

    Eric Kapfhammer is a data scientist at Microsoft, where he focuses on applying statistical and machine learning approaches to computer and network security. Prior to joining Microsoft, Eric spent the previous decade in the quantitative trading space as a Managing Director and Portfolio Manager, leading teams of data scientists and software engineers. He has also worked in software engineering and program management roles at companies such as Starbucks, Expedia, and Boeing. Eric obtained a BA in Business and International Relations from the University of Puget Sound and an MSc in Finance from Seattle University, and is currently pursuing an MSc in Computer Science with a machine learning specialization at the Georgia Institute of Technology.

  • Annie Searle
    Principal, ASA Risk Consultants, Annie Searle & Associates LLC (ASA); and Lecturer, The University of Washington

    Annie Searle is Principal of Annie Searle & Associates LLC – also known as ASA Risk Consultants – an independent consulting and research firm, serving businesses and organizations that are part of the nation’s critical infrastructure. ASA’s Institute for Risk and Innovation helps drive policy change in areas ranging from public-private sector critical infrastructure resilience, to financial regulation, cybersecurity and terrorism, digital privacy and crisis management best practices. More information can be found at www.anniesearle.com.

    Searle is a full-time faculty lecturer at the University of Washington’s School of Information, where she teaches two operational risk graduate courses that she designed as well as a course on the impact of technology on ethics, policy and law. She is a lifetime member of The Institute of American Entrepreneurs, and a 2011 inductee into The Hall of Fame for Women in Homeland Security and Emergency Management. Since 2007, she has been an invited participant at New York University’s annual Global Roundtable on Public-Private Preparedness.

  • Vanessa Pegueros
    CISO, DocuSign

    Vanessa is currently VP and CISO for DocuSign, helping to lead the company in providing an industry-leading security program to its customers. Vanessa formerly worked with US Bank as the Senior VP responsible for Enterprise Information Security and a team of over 120 people. She also was the CISO at Expedia and has held senior level security roles with Washington Mutual, Cingular and AT&T Wireless. She has held numerous other roles specifically within the wireless arena including Network Planning, Architecture & Engineering, Technical Sales, and Product Development. She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM and CISSP security certifications. Additionally, she holds the CIPP/E Privacy certification.

  • Craig Schippers
    Principal Engineer, Trend Micro, Inc.

    Craig Schippers is a CISSP Certified Principal Sales Engineer at Trend Micro. He has worked in the security industry for approximately 17 years, assisting customers with their Infrastructure Security needs. He lives in Portland, Oregon.

  • Kip A. Boyle
    CEO, Cyber Risk Opportunities, LLC

    Kip Boyle is the CEO of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Bruce Lobree
    Cyber Security Architect, Symetra

    Mr. Lobree has worked as a Security Engineer, Architect and CSO in roles with global responsibilities. His experience crosses Utility, Retail, Financial and Software industries. He has built security programs within corporations and implemented a wide variety of security tools in his career. He is a published author and educator.

  • Allison Goodman
    Certified Computer Examiner, CTIN

    Allison Goodman is a Certified Computer Examiner at eDiscovery Inc. in Bellevue, Washington. Allison is the President of CTIN, a local non-profit organization that provides training to other digital examiners. She is also a dialogue leader for the Sedona Conference WG1 on transparency and cooperation in the discovery process. Most of her work is for civil litigators on either the plaintiff or defense side with testifying experience.

  • Jeff Whitney
    Certified Computer Examiner, CTIN

    Jeff Whitney is a Certified Computer Examiner at eDiscovery Inc. in Bellevue, Washington. Most of his work is for civil litigators on either the plaintiff or defense side and he has testifying experience.

  • Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • James Christiansen
    Vice President, Information Risk Management, Optiv

    James Christiansen is a seasoned business leader with deep technical expertise and is recognized as a global thought leader. As Vice President, Information Risk Management in the Office of the CISO at Optiv, he helps chief experience officers (CXOs) make executive decisions based on the balance of risk and cost. He is responsible for developing and delivering a comprehensive suite of strategic services and solutions to help CXO executives change their security strategies through innovation.

    Prior to his tenure at Optiv, Christiansen was Chief Information Risk Officer for Evantix and Chief Security Officer for Experian Americas. He joined Experian after serving as chief information security officer for General Motors where his responsibilities included worldwide implementation of security plans for the largest financial (GMAC) and the largest manufacturing corporation in the world. He previously served as SVP and division head of information security for Visa International.

    Christiansen is a patent inventor and has received three innovation awards in cybersecurity, GRC, and cloud computing. He is the author of the “Internet Survival Series” and contributing author of “CISO Essentials,” as well as numerous industry papers.

    Christiansen earned his master’s degree in business administration in international management and his bachelor’s degree in business management from Westminster College.

  • Ben Feldman
    GDPR Solutions, OneTrust

    Ben Feldman serves on the GDPR Solutions team at OneTrust. In his role, Feldman manages relationships with leading enterprise organizations and provides resources to operationalize data privacy compliance. Prior to OneTrust, Feldman spent 3 years at a leading global provider of telecommunications services where he gained valuable experience in the Managed Network, Global WAN, Cybersecurity, HostedPBX and SaaS space. Feldman holds a B.S. from the University of Georgia.

  • Moderator: Michael T. Metzler
    Sr. Compliance Officer, CenturyLink Business

    Michael (CISSP, CGEIT, CISM) has over 35 years of industry experience delivering security consulting services internationally in security policy, security risk management, network design, and troubleshooting. He has designed global networks and provided security consultation for many corporations, as well as for U.S. Defense contractors and foreign government agencies. He currently provides Information Assurance Advisory and Consulting Services for CenturyLink Technology Solutions.

  • Brandon Swafford
    CTO, Insider Threat, Engineering, Forcepoint

    Brandon has 12 years of experience in legal, counterintelligence, and financial security across worldwide organizations. He has worked with hedge funds, the US Intelligence community, and the International Monetary Fund.

  • Jean Pawluk
    Executive Consultant, ISSA Distinguished Fellow

    Jean is an Executive Consultant, ISSA Distinguished Fellow, and honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).

  • Ravila White
    Deputy Director Strategic Programs, UHG

    Ravila Helen White is the Deputy Director of Strategic Programs – Enterprise Security Architecture for UHG. Prior to that, she headed up the information security programs for Providence Health & Services, The Bill & Melinda Gates Foundation and drugstore.com. Ravila has more than 15 years of professional IT experience, with experience as a strategist, architect, auditor and a front line information security practitioner. Ravila is a strong advocate in influencing organizations to choose to do the right things, through her philosophy of "making it better without making it complex."

    Ravila carries CISSP, CISM, CISA, CIPP, GCIH and ITIL v3 certifications, with an MSc Information Security from the University of Royal Holloway. She regularly presents at local events on information assurance issues and has been published on a national and global level. She is also a member of the PacCISO and Agora.

  • Zach Forsyth
    Security Architect, Juniper Networks

    Zach Forsyth thrives on understanding advanced threats and designing solutions to combat them. His 20-year career has focused on malware delivery and weaponization, advanced malware prevention, next generation firewalls, automation, threat hunting, deception networks, adversarial response systems, intrusions, exploits, social engineering and related fields. Zach has appeared on the AT&T ThreatTraq show, and as a speaker and panelist at leading security conferences such as RSA, Interop, Black Hat, and SecureWorld. In addition, he has been published by CNN, DarkReading, Defend Magazine, SC Magazine, CSO Online, TechNewsWorld and Infosecurity Magazine.

  • Sean Murphy
    Vice President and Chief Information Security Officer, Premera Blue Cross

    Sean Murphy is the Vice President and Chief Information Security Officer for Premera Blue Cross (Seattle, WA).

    He is responsible for providing and optimizing an enterprise-wide security program and architecture that minimizes risk, enables business imperatives, and further strengthens the health plan company’s security posture. He works closely with Premera’s leadership team to establish and maintain a comprehensive program to protect employees, information assets and technologies and mature the corporate culture from security awareness to accountability.

    He’s a healthcare information security expert, with more than 20 years of experience in the field. Sean retired from the U.S. Air Force (Medical Service Corps) after achieving the rank of lieutenant colonel. He has served as CIO and CISO in the military service and private sector at all levels of healthcare organizations. He has served at the forefront of building robust security programs while responding and recovering healthcare organizations from major security events. But his proudest professional accomplishment was his service as a senior mentor to the Afghan National Police Surgeon General’s Office in 2008–2009 in support of Operation Enduring Freedom.

    Sean has a master’s degree in business administration (advanced IT concentration) from the University of South Florida, a master’s degree in health services administration from Central Michigan University, and a bachelor’s degree in human resource management from the University of Maryland. He is a board member of the Association for Executives in Healthcare Information Security (AEHIS). Sean is a past chairman of the HIMSS Privacy and Security Committee. He is also a noted speaker at a national level and the author of numerous industry whitepapers, articles, and educational materials, including his recent book, “Healthcare Information Security and Privacy,” published in 2015.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader, delivering keynotes on security and security awareness training and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Ronald Watters
    Cybersecurity Advisor, Region X, NPPD Office of Cybersecurity & Communications

    Ron serves as the Region X (WA, OR, AK, ID) Cybersecurity Advisor for the Stakeholder Engagement and Cyber Infrastructure Resilience Division of the Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD). Based in Seattle, WA, he supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure.

    Prior to joining DHS, Ron served 27 years with the U.S. Navy and Naval Reserve as a Submarine Sonar Technician and Diver. Finding little use for a Submarine Sonar Technician in the Surface Reserve, Ron put his talents to work as an Intelligence Analyst. Ron retired from the U.S. Navy in 2007. During his active duty Ron completed his Bachelor’s degree in Public Administration with a Criminal Justice emphasis (cum laude). Ron completed his two Master’s degrees in Education (School Administration and Secondary Education) at Loyola Marymount University. He continued his education and achieved certification as a Microsoft Certified Systems Engineer and Microsoft Certified Trainer. In 1998 he was hired as the Computer Science department chairman at Chaminade College Preparatory High School in West Hills, CA, where he served until he was recalled to active duty following 9/11. Upon his demobilization he was offered a position as the Deputy Information Systems Management Officer with the 4th Marine Corps Recruiting District in New Cumberland, PA. He rose to the position of S-6 before leaving in 2009 to take a position as the Chief, Information Assurance Division, Directorate of Information Management, Ft. Irwin, CA. Ron remained in that position until he left to become the Branch Manager of the Cybersecurity Branch of the Puget Sound Naval Shipyard in March of 2016. Ron interviewed for and was hired as the Region X Cybersecurity Advisor in June of 2017 and has held that position since.

    Ron’s numerous computer certifications include Microsoft Certified Systems Engineer (MCSE), Certified Novell Administrator (CNA), GIAC Security Leadership Certification (GSLC), CompTIA Security+ CE, and Microsoft Certified Trainer (MCT). In addition to his professional certifications, Ron has been awarded numerous Commander’s Coins for excellence and received two Commander’s Awards for his work at Fort Irwin.

  • Frank Simorjay
    Distinguished Fellow, ISSA

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for the Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, which includes the PCI automation blueprint. Frank has written an extensive library of papers and blogs (http://cloudntech.blogspot.com/).

  • Vanessa Pegueros
    CISO, DocuSign

    Vanessa is currently VP and CISO for DocuSign, helping to lead the company in providing an industry-leading security program to its customers. Vanessa formerly worked with US Bank as the Senior VP responsible for Enterprise Information Security and a team of over 120 people. She also was the CISO at Expedia and has held senior-level security roles with Washington Mutual, Cingular and AT&T Wireless. She has held numerous other roles specifically within the wireless arena including Network Planning, Architecture & Engineering, Technical Sales, and Product Development. She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM and CISSP security certifications. Additionally, she holds the CIPP/E Privacy certification.

  • Michael Hamilton
    Founder and President, Critical Informatics

    Mr. Hamilton is a former cybersecurity policy adviser to Washington State, CISO, City of Seattle, and VeriSign Managing Consultant.

  • James Beeson
    CISO, Cigna

    James has over 28 years of experience in cyber security and technology. He has 17 years of direct experience as an information security leader and is currently the Chief Information Security Officer at Cigna, a global health insurance company. James previously worked 20 years for General Electric in various security and technology leadership positions.

    James was an Evanta 2016 Breakaway Leadership Award finalist and a T.E.N. ISE North America Executive Award finalist in 2011.

    He has co-chaired the CISO Executive Summit in Dallas for the past eight years, and participates as a keynote speaker at various events across the globe.

    James also works closely with SINET, the Security Innovation Network, to promote public and private sector collaboration and increase the awareness of innovative emerging companies.

    James is actively involved in FS-ISAC (Financial Services – Information Sharing and Analysis Center), ISSA (Information Systems Security Association), and ISACA (Information Systems Audit and Control Association), which work to drive standards, improvements, and networking in security and risk management globally.

    He has an MBA from Southern Methodist University and a BBA in Management and Leadership.

    He is a Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and Six Sigma Quality certified.

  • Chris Vaughn
    CISO, Unify Square

    Chris Vaughn is an information security and risk management leader with two decades of experience developing information security strategies and programs for international organizations. He is the Chief Information Security Officer (CISO) at Unify Square, the leading provider of software and managed cloud services for Microsoft Skype for Business, where he owns global responsibility for information security and privacy. Prior to Unify Square, he held key leadership positions at Nestlé and the Bill & Melinda Gates Foundation. In addition to strategy development, governance, and risk management, he has also led teams specializing in security engineering, service continuity, identity management, and ISO 27001 implementation.

  • Deanna Locke
    Sr. Enterprise IT Compliance & Risk Trainer, Bellevue College

    Deanna Locke, CIPP, CISSP, CISA, ITILv3, is a privacy/security professional with 25+ years of combined IT, security, international privacy, Big 4 audit and cybersecurity advisory, and corporate risk and governance experience. Ms. Locke works with senior leadership to shift static, compliance-averse, and vulnerable enterprise cultural behaviors towards becoming agile, dynamic, and innovative results-producing organizations. “There’s a control for that….” Currently, Ms. Locke is developing Enterprise IT training for traditional software development environments transforming to DevOps.

  • Simon Gibson
    Fellow Security Architect & CISO, Gigamon

    Simon Gibson is a Fellow Security Architect at Gigamon. He provides security strategy and technology roadmap direction for Gigamon products that secure physical and virtual network traffic. Simon has been working on Internet infrastructure for nearly 20 years, with work ranging from small ISPs to developing streaming media technology at AOL/Time Warner and working on hardware-accelerated appliances with Extreme Networks for WinAmp/Shoutcast. Simon was a Systems Architect at Verisign. Prior to Gigamon, Simon led the Information Security Group at Bloomberg LP in New York and was their CISO from 2008 to 2013.

  • Ryan Peters
    Chief Data Scientist & Development Director, BluVector

    As BluVector’s Chief Data Scientist, Ryan Peters leads the company’s data science and analytics efforts for updating and improving the product’s malware detection engines. Peters’ contributions have included rewriting most of the company’s supervised machine learning engine, developing “In-Situ Learning” to allow customers to use their data to retrain their BluVector appliance classifiers, as well as expanding the product’s detection capability to include fileless memory-based malware.

    Peters holds a bachelor’s degree in biomedical engineering from Case Western Reserve University and a master’s degree in biomedical engineering from Duke University. He has co-authored publications in the Journal of Neurophysiology and PLOS ONE and holds multiple U.S. patents.

  • Craig Spiezle
    Online Trust Alliance, Chairman Emeritus & Founder

    Craig is a recognized authority and industry consultant focused on the convergence of privacy and security. Craig is the Chairman Emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers, driving awareness of best practices by both the public and private sectors and of the importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig is on the board of the Identity Theft Council, on the editorial board of SC Magazine, and a member of InfraGard, the IAPP and the APWG.

  • Aravind Swaminathan
    Partner Cybersecurity & Data Privacy, White Collar, Investigations, Securities Litigation & Compliance, Orrick LLP

    Aravind Swaminathan is global co-chair of the firm's Cybersecurity & Data Privacy team, which was named Privacy Practice Group of the Year in 2016 by Law360, and is nationally ranked by The Legal 500 in two categories. Aravind earned "particular praise" from Legal 500, as part of a team known for being "extremely responsive and client focused, succeeding at meeting the needs of both in-house counsel and tech-savvy business clients." Aravind is a former federal cybercrime prosecutor, an accomplished trial lawyer, and class action litigator, with extensive experience in handling cybersecurity incidents and data breaches, government and internal investigations, and privacy-related matters.

    Aravind advises clients in cybersecurity risk assessment and management, breach incident response planning, and corporate governance responsibilities related to cybersecurity. Aravind has directed over 100 data breach investigations and cybersecurity incident response efforts, including ones with national security implications. He also represents companies and organizations facing cybersecurity and privacy-oriented FTC, SEC, and State Attorney General investigations and class action litigation. Aravind is a sought-after speaker on cybersecurity issues, including threat landscapes, mitigation strategies, incident response plans, and threat management in mobile device ecosystems. Aravind previously served on the City of Seattle’s Privacy Advisory Committee, as general counsel to Washington State Governor Jay Inslee's task force on drone legislation, and is currently serving as counsel to PISCES, a first-of-its-kind organization whose purpose is to facilitate information sharing between state and local agencies and municipalities to improve threat intelligence availability to support critical government services.

    Until 2013, Aravind served as an Assistant United States Attorney for the Western District of Washington, where he served as one of the district's Computer Hacking and Intellectual Property Section attorneys. As a prosecutor, Aravind investigated and prosecuted a broad array of cybercrime cases, including ones involving hacking, phishing, theft of trade secrets, click fraud, cyber threats, and identity theft. Aravind also led the United States Attorney's Office cybercrime outreach program for the Western District of Washington, where he worked with members of the Department of Justice, state and federal regulators, law enforcement and other organizations on cybersecurity and related privacy issues.

  • Eva Benn
    Senior Associate, KPMG LLP

    Eva is a Senior Associate at KPMG’s Advisory Cyber Security practice. Through her time with KPMG, she has served as a trusted advisor to leading telecommunications and technology organizations by helping them define, mature and scale their Cyber and Governance, Risk and Compliance (GRC) processes. She has been focusing primarily on enterprise GRC strategy and enterprise program development as well as medium to large scale RSA Archer implementations. As a top performer in her area of expertise, Eva has been involved in highly impactful business transformation initiatives in the area of information security and risk management, third party risk and business continuity management. She was invited to speak about some of her impactful work at the RSA Charge 2016 conference in New Orleans.

  • Swarnika Mehta
    Manager, KPMG LLP

    Swarnika is a Manager in KPMG’s Cyber practice and a frequent speaker at global information security and governance, risk and compliance industry events. She leads Cyber Security and Governance, Risk and Compliance (GRC) related business transformation initiatives for technology and telecommunication industries in the PNW. She has over 6 years of risk consulting experience and has a strong background in GRC and Cyber program development and implementation, cloud security and compliance, information security & risk management, and certification and accreditation (C&A). She was recognized by the US Consulting Magazine as one of the Top 35 under 35 Rising Stars of the Profession, for long-term commitment to excellence.

  • LTC John Sutherland, PhD
    Sr. Client Technology Architect, CenturyLink

    John is a Senior Technology Architect at CenturyLink, a retired US Army intelligence officer, a former Defense Attaché, and SE Asian Foreign Area Officer fluent in Vietnamese with over 26 years of experience in information security and political-military operations. CISM, CISSP.

  • Gary Southwell
    GM & VP Security Products Division, CSPi

  • Christopher Williams
    Advisory Solutions Architect, RSA

    Christopher is a leading voice in the convergence of operational IT practices and Identity, Audit, and Compliance programs. His career features 15 years as a practicing manager of data centers, operations & technical services and consulting teams for Fortune 500 companies and DOD contractors, plus another 20 years of technical services, product, and product marketing management. Christopher now serves as the Advisory Solutions Architect for RSA, the industry’s leading Security, Identity & Access Governance solutions provider. In this role Christopher continues to help organizations around the world define and achieve their goals through process workshops, mentoring seminars, and numerous publications.

  • Karl Weaver
    Business Development Director, Newport Technologies

    Karl is a Mandarin Chinese-speaking mobile device ecosystem specialist for the Smart Card sector of the wireless industry. Newport Technologies is Karl’s public speaking vehicle to evangelize cutting-edge mobile technologies within Greater China and Asia. Karl’s career in the Smart Card/Semiconductor ecosystem and embedded software world spans 13 years. Additionally, Karl spent 5 years working in China for Gemalto (and Trustonic) as Rainmaker for design-in of embedded Mobile NFC Payments & TEE security technologies to the OEM Smartphone/Tablet PC ecosystem. He possesses a B.S. degree in Business Management from Salve Regina University, a Certification in Mandarin Chinese Language, Customs and Culture from National Taiwan Normal University – Mandarin Training Center, and a Certification in Broadband wireless communications from the University of Washington (Seattle). Karl has many streaming videos on YouTube and Youku discussing mobile payment and security technologies. In 2014, Karl established an NFC, Payments & TEE Security Meetup Group in the Seattle tech corridor. Karl is a top public speaker on Wearable Payment Smartwatches for subway transit ticketing in China.

  • Kip A. Boyle
    CEO, Cyber Risk Opportunities, LLC

    Kip Boyle is the CEO of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • LTC Kevin J. Murphy
    Lt Colonel, US Air Force (Ret)

    Kevin is the VP of Cyber Operations at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft. He has over 25 years of experience in threat intelligence and information security. CISM, CISSP, CGEIT.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes