googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, November 8, 2017
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Topic: A Legal Post-Mortem: What Did the Lawyers Learn From a Ransomware Attack?
    speaker photo
    Former CISO of vArmour, Sears, and Silver Trail Systems, Founder and IT Security Strategist, Blue Lava Consulting
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 408

    This session is for Advisory Council members only.

    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    Speaking to the C-Suite: Legal Terminology You Must Know
    • session level icon
    speaker photo
    Partner, Data Protection, Privacy & Security Group, K&L Gates LLP
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 404

    Security professionals must communicate with executives to explain security risks and request remediation resources. It’s no secret that communication with executives is challenging for security professionals. This talk will teach legal terminology and how to find real-world examples of legal consequences to help you effectively convey your security risks and needs.

    8:30 am
    Beyond the Cybersecurity Medium Aevum – A Renaissance in Security Education
    • session level icon
    speaker photo
    Director of Technology, Center for Information Assurance and Cybersecurity, University of Washington
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 403

    This session will unpack and examine some of the unprecedented challenges faced by cybersecurity practitioners and educators today as the Internet dissolves organizational perimeters. We will explore how technical systems and existing cybersecurity knowledge can be rendered unreliable in “socio-technical” settings, and how the concept of “identity” is emerging as a security super-factor. We will also trace out 13 emerging mega-trends that each pose unfamiliar challenges for future information networks – and exceptional opportunities for prepared cyber-professionals and citizens.

    8:30 am
    DFIR Redefined: Deeper Functionality for Investigators with R
    • session level icon
    speaker photo
    Principal Security GPM, Microsoft
    speaker photo
    Founder and Executive Director, Metycus
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 406

    Those of us who operate within the constructs of digital forensics and incident response understand the nuances of the related acronym (DFIR) initimately. This presentation will offer insight on a slightly different take on DFIR using R, the open source programming language and software environment for statistical computing and graphics.
    Forensics and incident response both suffer from, and can benefit from, the data explosion. That said, modern DFIR programs are obligated to embrace and attempt to master security data science.
    Doing so effectively can lead to vastly improved visualization, and behavioral analysis.
    We’ll discuss such opportunities and provide an overview of some basic tools, tactics and procedures to get you started. Code examples will be included and shared for practice and exploration.

    8:30 am
    A Cybersecurity Policy That Crosses Borders
    • session level icon
    speaker photo
    Associate Teaching Professor, The Information School, University of Washington
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    Searle will discuss a global cybersecurity policy initiative that she is working on with the University of Washington’s Jackson School of International Studies and the Wilson Center in Washington, D.C. She’ll speak more broadly on how cybersecurity policy can influence international law and regulation.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    LUNCH KEYNOTE: Building and Nurturing Your Modern Cybersecurity Risk Programs
    • session level icon
    speaker photo
    Former CISO of vArmour, Sears, and Silver Trail Systems, Founder and IT Security Strategist, Blue Lava Consulting
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    In this presentation, Demetrios Lazarikos (Laz) will explore topics that are top of mind for Fortune 1000 Executives, Board of Directors, and practitioners that have direct involvement in building and assessing modern cybersecurity strategies and programs. Additionally, Laz will provide real world examples and best practices to effectively create, support, and evaluate the lifecycle of cybersecurity programs—a pragmatic session that is not to be missed.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: Securing the Cloud
    speaker photo
    Board Member, Cybersecurity Leader, Angel Investor
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    11:15 am
    Trend Micro: Security Automation in the Cloud
    • session level icon
    speaker photo
    Principal Engineer, Trend Micro, Inc.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 405

    How do you properly apply security in a Cloud Computing environment without creating complexity. Automation is key. In this session we will discuss the drivers for security automation and how this can be achieved through not only API-based security automation but also through what is normally considered detection controls.

    11:15 am
    Equifax and The “Reasonable” Cybersecurity Standard
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 406

    The Equifax data breach announced on September 7th will surely drive a good chunk of the $6 trillion in worldwide damages expected from cybersecurity breaches by 2021, as recently predicted by Cybersecurity Ventures. Given over 140 million records were exposed, it’s appropriate to ask “Did Equifax practice reasonable cybersecurity?” And, what is “reasonable” cybersecurity anyway? Does it apply to me? How? Come join us for a lively session and find out!

    11:15 am
    Risk Modeling 101
    • session level icon
    speaker photo
    Security & Privacy Information Systems Leader, Philips
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 403

    This session will help you understand the process of building risk or threat models that include both IT and business logic in the model. We are looking for results in a prioritized list of work to be performed to reduce the overall risk footprint and identify potential threats to your company.

    11:15 am
    Analyze Two Wire Fraud Cases With One Potential Commonality
    • session level icon
    Join this interactive discussion about the source of wire fraud scams.
    speaker photo
    Certified Computer Examiner, CTIN
    speaker photo
    Certified Computer Examiner, CTIN
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 402

    Allison and Jeff worked on two separate wire fraud cases by analyzing hard drives and email accounts long after the events. Jeff was able to find very strong evidence indicating one of the attacks was an “inside job.” But there was an odd commonality in both. Is it relevant, and if so, to what extent? We’d like to hear the opinions of other experts.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Security Evangelist, North America, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 404

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Topic: Approaches to Staffing a Security Operations Center – Focus on Outsourcing One or More Aspects of the Function.
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    12:15 pm
    LUNCH KEYNOTE: Optiv - Guilty by Association: Changing the Paradigm of Managing Third-Party Risk
    • session level icon
    speaker photo
    VP, CSO - Cloud Security Transformation, Netskope
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Over 50% of all security breaches originate from a third-party breach. How can you extend your internal security practices to your third-parties? This session details how to establish a third-party IT risk management program using five repeatable steps. Using firsthand experience from managing a large number of third-parties, the speaker will discuss what works and what doesn’t.

    1:15 pm
    OneTrust: EU Privacy Update: All About the New Disruptive Regulation, The GDPR
    • session level icon
    speaker photo
    GDPR Solutions, OneTrust
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm
    Location / Room: 406

    As a new era of privacy regulations approaches, security and compliance professionals need to make the GDPR a top priority by building privacy into your security plans. In this session, we’ll discuss the key components and importance of the EU’s GDPR, and how it directly affects the security professional from data mapping and classification to strict incident response requirements. We’ll also address the importance of demonstrating on-going compliance, and how privacy management software can support security and compliance teams.

    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    • session level icon
    speaker photo
    Sr. Compliance Officer, CenturyLink Business
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime-as-a-Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones?
    Panelists:
    Tam Huynh, SentinelOne
    Steve Shalita, Pluribus Networks
    Ron Winward, Radware
    Nelson Cottier, IXIA
    Dave Caldwell, Optiv
    Moderator: Larry Wilson

    1:15 pm
    Panel: Phishing and Social Engineering Scams 2.0
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possibly pose as business leads or clients to gain our trust. What sales person doesn’t want email from a potential client who wants a new solution? Or they may just lay in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work?
    Panelists:
    Jon Clay, Trend Micro
    Zoe Lindsay, Duo Security
    Wayne Tynes, Mimecast
    Kellen Christensen, Dasher Technologies
    Moderator:
    Dan Lohrmann

    1:15 pm
    Forcepoint: Practical Human Centric Security
    • session level icon
    speaker photo
    CTO, Insider Threat, Engineering, Forcepoint
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 405

    A real world view on human centric security and investigations. A practical breakdown of how insider threat is different than typical cybersecurity with a focus on operational and technical considerations.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Panel: Identity and Access Management
    • session level icon
    speaker photo
    Executive Consultant, ISSA Distinguished Fellow
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 404

    Access control, tokens, firewalls, and biometrics will play a role in how we manage who is on the network or in our offices. VR may be the way of the future for remote employees. Will we be able to determine who is actually logging in? Did someone spoof the VR hardware and become a secret insider threat? Is someone piggybacking on the signal and learning more than they should? Can AI be used against us so that perpetrators can infiltrate the network? Sounds like science fiction, but is it?

    Panelists:
    Tapan Shah, Sila
    Heather Howland, Preempt
    Rod Soto, Jask
    Sean Ventura, Atmosera

    3:00 pm
    Eliminating Eeny, Meeny, Miny, Moe Syndrome: How Modeling Access Influences Control Application
    • session level icon
    speaker photo
    Deputy Director Strategic Programs, UHG
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 406

    Global security top $75 million in 2015, yet we continue to experience significant security breaches. Maybe it’s because picking controls has become a game wherein anyone with the ability to ready a spreadsheet and a budget can select and purchase controls. Compromise continues to occur when we don’t understand opportunities for access. This presentation will examine how to identify access opportunities along with methodologies for selecting effective controls.

    3:00 pm
    Juniper Networks: Software-Defined Secure Networking
    • session level icon
    speaker photo
    Security Architect, Juniper Networks
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 403

    Software-Defined Secure Networking (SDSN) presents an evolutionary leap in Security effectiveness, accomplishing in seconds what would take human analysts hours or days. Join us to hear in-depth technical analysis of modern malware infection methods, command and control channels, and learn how SDSN realigns incident response and prevention to scale with accelerated attack and exfiltration present in modern attacks.

    3:00 pm
    Your Board Wants To Hear From You. Now What?
    • session level icon
    speaker photo
    Vice President and Chief Information Security Officer, Premera Blue Cross
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 405

    Governing boards of organizations are increasingly motivated to know and influence their organization’s security management. Security professionals have long-identified the importance and need to meet with their corporate board. Now that boards want to hear from the CISO, are CISOs ready to be heard?

    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 303

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 401

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 407

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    4:30 pm
    Optiv Reception
    • session level icon
    Join Optiv and partners for Happy Hour on the 4th floor!
    Registration Level:
    • session level iconOpen Sessions
    4:30 pm - 8:30 pm
    Location / Room: Cast Iron Studios - 10650 NE 4th St. Bellevue

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day. NOTE: This event is for SecureWorld attendees and Optiv partners only, thank you.

  • Thursday, November 9, 2017
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    InfraGard Chapter Meeting - Open to all Attendees
    • session level icon
    Presentation: Being Smart About Intelligence
    speaker photo
    Regional Cybersecurity Advisor, Region 10, DHS CISA
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
    8:00 – 8:30 – Networking
    8:30 – 9:15am – Janet’s presentation
    Presentation:
    Adversaries are sophisticated, clever, motivated and highly focused. Attacks are well planned, coordinated and use a variety tactics combining cyber, physical, human and technical to accomplish their goals. Learn more about adversarial focus, strategies and tactics and how effective threat intelligence can proactively mitigate attacks, enhance enterprise risk management and get you ahead of the game. No matter how big or small your organization is…you are a target! Knowing your adversaries gives you the strategic advantage when protecting your organization.

    8:30 am
    How to Build a Secure Cloud Solution That Can Pass a Compliance
    • session level icon
    speaker photo
    Distinguished Fellow, ISSA
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 406

    The session will explore how you can implement a cloud solution that is secure by design, and compliant by default. The session and demo will provide developers, architects, designers, and operators what it takes to build a secure and compliant solution in the cloud.

    8:30 am
    Lessons Learned From a Real Security Incident That You Need to Take Public
    • session level icon
    • session level icon
    speaker photo
    Board Member, Cybersecurity Leader, Angel Investor
    Registration Level:
    • session level iconOpen Sessions
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    This presentation will cover lessons learned from an actual public security incident. We will discuss what worked and what didn’t, and what you need to be prepared if you have an incident.

    8:30 am
    Regulatory Scope Creep: We’re All Third Parties Now
    • session level icon
    speaker photo
    Founder and President, Critical Informatics
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 404

    This presentation will go over requirements that apply specifically to covered entities that are being increasingly applied to vendors, service providers, and business partners.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: The Internet of Threats - A Look at Macro Trends in Technology and the Ever Expanding Cyber Threat Landscape
    • session level icon
    FUD is back, can you pitch it correctly?
    speaker photo
    CISO, Cigna
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: The Scope of Pen Testing
    speaker photo
    CISO, Unify Square
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    11:15 am
    GDPR: Mapping Tools & Resources
    • session level icon
    speaker photo
    Sr. Enterprise IT Compliance & Risk Trainer, Bellevue College
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 406

    This session is a ‘tip your toe in the water” brief overview of GDPR, and provides basic and publicly available mapping resources to enable individuals and organizations the means to begin identifying, understanding and mapping GDPR requirements to their respective data assets.

    11:15 am
    Gigamon: The Squeaky Wheel Gathers No Moss
    • session level icon
    How to use the GigaSecure platform to run your Security Operations Center.
    speaker photo
    Fellow Security Architect & CISO, Gigamon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 402

    In most companies, the IT department is stretched thin. Their ability to provide data to the security operations center is limited. Arguably some of the most important data to security is packets. They’re one of the most useful sources of intel to a SOC and one of the hardest for IT Ops to deliver.

    Learn how the GigaSecure platform enables the Security Operations team to deliver on their mission without causing network resource exhaustion. The GigaSecure Platform lets the security team provide their tools clean packet flows without dealing with firewall changes or network overhead. The security team’s ability to deliver doesn’t need to burden the IT and Network team.

    11:15 am
    BluVector: The Next Evolution of Malware
    • session level icon
    speaker photo
    Chief Data Scientist & Development Director, BluVector
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 403

    Malware has become the new weapon of choice for cybercriminals. It enables even non-technical criminals to produce highly effective and profitable cyberattacks with little effort. If you’re not already working to protect your network, you’re already at risk.

    Attend with BluVector’s Chief Data Scientist to learn:
    · How damaging destructive malware can be
    · How this new malware operates
    · Why your current malware detection will likely miss destructive malware
    · How newly developed techniques with supervised machine learning can help detect destructive malware

    11:15 am
    Internet Society / Online Trust Alliance: Are You Ready For the Next Data Breach Hurricane? Lessons from Equifax
    • session level icon
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    speaker photo
    Partner, Cybersecurity & Data Privacy, White Collar, Investigations, Securities Litigation & Compliance, Orrick LLP
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 404

    Once again consumers have been faced by a breach of epic scale underscoring the need to address the basics and prepared for the worst. Increasingly organizations are demonstrating their inability to protect consumer data and lack of fiduciary responsibility for the consumers impacted. This session will explore what is know and what “building codes” are required moving forward.

    11:15 am
    Cybersecurity & GRC Metrics That Tell a Story!
    • session level icon
    speaker photo
    Program Manager 2, Microsoft
    speaker photo
    Manager, KPMG LLP
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 405

    The success and failure of modern enterprises is dependent on the ability to quantify cyber risk, understand cyber risk appetite and conduct fact-based decision making. Between complicated data outputs and information overload, many businesses either don’t have visibility into their information security systems or aren’t using data to its highest potential. Learn how you can revolutionize your cyber security reporting capabilities and produce robust action oriented reports and visualizations. In this session you will:
    o Understand the challenges that many customers face with cyber security reporting and metrics
    o Discuss critical success factors for reporting for improved risk based decision making
    o Learn how you can enable advanced metrics and visualization with leading edge technology solutions and the latest in industry trends.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Topic: Addressing the Talent Gap
    speaker photo
    Sr. Client Technology Architect, CenturyLink
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    12:15 pm
    LUNCH KEYNOTE: Surviving the Siege – Medieval Lessons in Modern Security
    • session level icon
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    1:15 pm
    CSPi: How to Unite InfoSec and DevOps to Achieve Security Without Compromise
    • session level icon
    speaker photo
    GM & VP Security Products Division , CSPi
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 406

    Data breaches are not going away. As organizations move to an agile DevOps model how are they manage the existing information security processes to ensure data privacy? What organization really need to focus on is how to make breaches irrelevant so that they do no harm. In this presentation, CSPi will review best practices and a framework that harmonizes the need for stringent InfoSec, across any environment, yet maintains the agile benefits of DevOps while providing automated protection of critical data under any use.

    1:15 pm
    RSA: Addressing the Identity Risk Attack Challenge
    • session level icon
    speaker photo
    Advisory Solutions Architect, RSA
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 405

    In Todays identity-based access world, Identities themselves have become the leading cyber attack channel.
    Traditional IT and IAM controls are no longer effective to manage today’s changing identity risk situation. Where before there was a core set of applications, VPN control and an established perimeter of the past, now that perimeter is vanishing, and the attack surface is expanding.

    In todays session we will look at a methodology to reduce risk against:
    • Expanding internal and external populations needing resource access
    • Proliferating number of applications- growth of the cloud and islands of identity in today’s always-on business
    • Increasing Compliance failure- Growing compliance and regulatory requirements with greater scrutiny
    • Minimum and ineffective sets of Control Objectives and Processes

    1:15 pm
    Panel: Extortion-as-a-Service? (Ransomware and Beyond)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    Remember when ransomware just seized up your computer and forced you to send Bitcoin to unlock it? With the advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run of the mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out some of your more compromising personal information. Or what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes…. Will these attacks also be available for purchase on the dark web?
    Panelists:
    Scott Giordano, Spirion
    Eric Wong, Comodo
    Collin Miller, Structured
    Allan Vogel, Fidelis
    Doug Clifford, Tenable
    Matt Tycksen, Thales
    Grant Asplund, Check Point Security
    Moderator: Bruce Sussman, SecureWorld

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have Artificial Intelligence helping threat hunters squash attacks before they can do any significant damage on the network, while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information?
    Panelists:
    Ben Derr, CyberArk
    Cameron Naghdi, Malwarebytes
    TJ Biehle, Gigamon
    Steve Jordan, Fortinet
    Dan Katz, Anomali
    Corey Smith, Qualys
    Moderator: Michael Ray

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    The Rise of Wearable Payment Smartwatches and the Need For Security
    • session level icon
    speaker photo
    Business Development Director, Newport Technologies
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 405

    Wearable Smartwatches aren’t just for health and fitness, they are also going to be used for busy business executives for mobile payments, especially for mass transportation sectors. Since they will use NFC turnstile in the subway, in the taxi, or on a bus, the payment credentials need to be stored in tamper resistant security enclaves. Karl will explain all the methods currently being used on mobile devices to secure wearable smartwatches that have NFC for mobile payment.

    3:00 pm
    10 Steps to Mastering Cybersecurity for Parents
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 406

    Kids do what their parents do. So, parents need to practice good cyber hygiene and then teach those habits to their kids. They also need to enforce healthy boundaries on Internet usage. We’ll explore specific risks to kids using the Internet along with specific things parents should be doing to minimize those risks. These lessons are drawn from my experience both at work and at home and are based on what we do with our family.

    3:00 pm
    Resiliency: Defense Lessons Learned from WannaCry and Petya
    • session level icon
    speaker photo
    Business Information Security Officer (BISO), T-Mobile USA
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 404

    Ransomware is a growing cyber attack method that has proven to be destructive to your business. Learn how to protect your data and infrastructure in this highly interactive session where you learn from your peers.

Exhibitors
  • NETSCOUT Arbor
    Booth: 340

    For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • HPE Aruba Networking
    Booth: 220

    At Aruba, a Hewlett Packard Enterprise company, we believe the most dynamic customer experiences happen at the Edge—an office, a hospital, a school, or at home. It’s anyplace work gets done and data is generated by users, devices, and things across your network. Our mission is to help customers capitalize on these opportunities by providing secure edge-to-cloud networking solutions. We use AI-based machine learning to deliver simpler, faster, and more automated networks that analyze data to help businesses thrive.

  • Avecto
    Booth: 172

    Avecto is a leader in Privilege Elevation and Delegation Management. Since 2008, the company has enabled over 8 million users to successfully work without admin rights, enabling many of the world’s biggest brands to achieve the balance between overlocked and underlocked environments.

    Avecto’s Defendpoint software has been deployed in the most highly regulated industries, enabling organizations to achieve compliance, gain operational efficiency and stop internal and external attacks.

    Defendpoint combines privilege management and application control technology in a single lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business – across Windows and Mac desktops and even in the data center.

    Actionable intelligence is provided by Defendpoint Insights, an enterprise class reporting solution with endpoint analysis, dashboards and trend data for auditing and compliance.

  • Bay Pay Forum
    Booth: n/a

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • Binary Defense
    Booth: 408

    Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.

  • BluVector, Inc.
    Booth: 336

    BluVector helps security teams respond to malicious threats up to 80% faster than current approaches. As a leader in Network Security Monitoring & Analytics, BluVector applies supervised machine learning and automation so security teams can detect and respond to advanced security threats at digital speed. For more information visit: www.bluvector.io

  • CA Technologies
    Booth: 148

    CA Technologies helps customers succeed in a future where every business— from apparel to energy— is being rewritten by software. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live— from the data center to the mobile device.

    Our business management software and solutions help our customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure. Our goal is to help organizations develop applications and experiences that excite and engage and, in turn, open up money-making opportunities for their businesses.

  • Carbon Black
    Booth: 101

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

     

  • Centrify
    Booth: 338

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • Check Point Software Technologies
    Booth: 314

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • CIOReview
    Booth: n/a

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Cloud Security Alliance (CSA)
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • CrowdStrike
    Booth: 140

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • CSPi
    Booth: 216

    At CSPi we are committed to helping our customers meet some of computing’s most demanding performance, availability and security challenges.

    Today’s security teams receive a great deal of real-time information and intrusion alerts, generated from their security equipment and tools; yet, the volumes of data make it make it nearly impossible for incident response teams to validate a data breach. With our Myricom nVoy Series solution we offer our customers a new approach to cyber threat identification and investigation – a rapid breach response solution that identifies alerts associated with a specific asset and provides an extraction of the entire set of conversations associated with that breach.This detailed data is crucial in performing timely and accurate analysis needed to comply with data-privacy regulations such as GDPR, PCI DSS, HIPPA, SOX, and 48 different U.S. state laws related to PII.

  • CTIN
    Booth: TBD

    CTIN has been providing high tech crime fighting training since 1996 in the areas of high-tech security, investigation, and prosecution of high-tech crimes for both private and public sector security and investigative personnel and prosecutors. CTIN sponsors training from experts world-wide for the benefit of private organizations and law enforcement agencies.

  • CyberArk Software
    Booth: 320

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • Cybereason
    Booth: 304

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cylance
    Booth: 156

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 310

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • Dasher Technologies
    Booth: 324

    Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives.

  • Delta Risk
    Booth: 218

    Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.

  • Digital Guardian
    Booth: 232

    Digital Guardian provides the industry’s only threat aware data protection platform that is purpose built to stop data theft from insiders and outside adversaries. The Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, to make it easier to see and block all threats to sensitive information.

  • DirectDefense
    Booth: 306

    Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

    Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

  • Duo
    Booth: 204

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth: n/a

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endace
    Booth: 208

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • ExtraHop
    Booth: 222

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • Fidelis Cybersecurity
    Booth: 346

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

    By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

  • FireEye
    Booth: 124

    FireEye (https://www.fireeye.com/) is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,100 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.

  • Forcepoint
    Booth: 112

    Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.

  • Gemalto
    Booth: 160

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • Gigamon
    Booth: 116

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • GuidePoint Security LLC
    Booth: 204

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • IBM
    Booth: 162

    Digital is the wires, but digital intelligence, or artificial intelligence as some people call it, is about much more than that. This next decade is about how you combine those and become a cognitive business. It’s the dawn of a new era.

  • IBM Resilient
    Booth: 308

    In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI, cloud, orchestration and collaboration to help clients improve compliance, stop threats and grow their businesses securely. Our strategy reflects our belief that today’s defenses will not suffice tomorrow. It challenges us to approach our work, support our clients and lead the industry, allowing you to be fearless in the face of cyber uncertainty.

  • Infoblox
    Booth: 168

    Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.

  • InfoSec Institute
    Booth: 202

    InfoSec Institute provides award-winning security awareness and training solutions. We deliver certification-based training courses for security professionals and enterprise-grade security awareness and phishing training for businesses, agencies and institutions of all sizes. Rooted deeply in science-backed education methods that achieve measurable results, our security solutions fortify your organization against harmful and expensive security threats. Our mission is to transform the largest information security risk — your workforce — into your strongest line of defense.

  • Institute of Internal Auditors (IIA)
    Booth: TBD

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • Washington State InfraGard
    Booth: TBD

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State and over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISACA
    Booth: TBD

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2
    Booth: TBD

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISSA Puget Sound Chapter
    Booth: TBD

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Ixia, a Keysight Business
    Booth: 326

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Juniper
    Booth: 412

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • Kaspersky
    Booth: 318

    We’re an independent global cybersecurity company that empowers people to make the most of technology and the endless opportunities it brings. Backed by our deep threat intelligence, security and training expertise, we give businesses the power to stay safe—and the confidence to accelerate their own success. With insights gained from our unique international reach, we secure consumers, governments and more than 270,000 organizations. We’re proud to be the world’s most tested and awarded cybersecurity, and we look forward to keeping your business safe. Bring on the future.

  • Lastline
    Booth: 344

    Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.

  • LogRhythm
    Booth: 144

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Malwarebytes
    Booth: 348

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.

  • Mimecast
    Booth: 330

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • New Tech Seattle
    Booth: TBD

    Seattle’s largest ongoing monthly event with more than 5,600 members. New Tech Seattle is the place where you’ll always make great connections, enjoy great food and drinks, learn about new companies doing cool things, laugh, smile, and have a fun night out. And most importantly, you’ll discover the people, partners, organizations, and resources to help you to build your dreams.

    It’s your community, we just love it and give everyone a place to play together. New Tech Seattle happens on the 2nd or 3rd Tuesday of every month. You can also join us on the 1st or 2nd Tuesday of every month at New Tech Eastside if you spend more time in Kirkland, Bellevue, Redmond, and the surrounding cities.

  • Northwest Tech Alliance (NWTA)
    Booth: TBD

    The Northwest Tech Alliance (NWTA) is an independent technology association dedicated to bringing together some of the brightest minds from the technology industry.
    NWTA events are focused on helping attendees:
    · Network with other technology industry professionals
    · Provide education and information relative to the latest technologies and industry trends
    · Generate opportunities for personal, professional and business growth
    · Promote the Puget Sound area as a desirable place to start and grow successful technology companies
    · Learn about local food/chefs, wineries, breweries, and distilleries
    · Support local businesses and give back to the community
    · Build lifelong relationships

  • Okta
    Booth: 108

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • OneTrust
    Booth: 300

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • Online Trust Alliance (OTA)
    Booth: 300

    The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust, while promoting innovation and the vitality of the internet. OTA’s goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.

  • Optiv
    Booth: 136

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • Palo Alto Networks
    Booth: 217

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

  • Proofpoint
    Booth: 316

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Qualys, Inc.
    Booth: 312

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 206

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Rook
    Booth: 152

    Rook Security provides 24/7 Managed Detection and Response to prevent incidents from impacting business operations. We unite the brightest minds in digital defense with the most advanced, rapid-to-deploy technology to protect your organization. As a managed service, there is no need to worry about configuring, monitoring, or managing technology – our team does the hard part for you.

  • RSA a Dell Technologies Company
    Booth: 132

    RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions.  With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.

  • SailPoint
    Booth: 100

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SecurityScorecard
    Booth: 204

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Skybox Security
    Booth: 226

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Splunk
    Booth: 102

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Structured
    Booth: 412

    Structured is an award-winning solution provider delivering secure, cloud-connected digital infrastructure. For nearly 30 years, we’ve helped clients through all phases of digital transformation by securely bridging people, business and technology.

  • Sumo Logic
    Booth: 224

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Symantec
    Booth: 128

    Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.

  • tCell
    Booth: 328

    tCell protects web applications and API services from attacks. Using advanced Runtime Application Self-Protection functionality, tCell secures web applications in production using server-side instrumentation, browser-side instrumentation, and cloud-based analytics. tCell is the only solution for companies leveraging DevOps, Agile, or microservices to protect their applications without code or network changes. Whether applications are on-premises or cloud-based, tCell’s unique approach makes application security easy. Funded by Menlo Ventures, A Capital, Allegis Capital, Webb Investment Network, CrunchFund, and SV Angel.

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • ThinAir
    Booth: 322

    ThinAir simplifies information visibility and security, and enables insider threat and information leak investigation in 90 seconds. ThinAir has built the world’s first insider detection and investigation platform that answers sophisticated questions about information creation, consumption, and communication, empowering security and IT professionals to have instant data-element level visibility in real time and historically. To learn more visit thinair.com and connect with us on Twitter @thinairlabs and LinkedIn.

  • Trend Micro
    Booth: 210

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Thales
    Booth: 164

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • TrustedSec
    Booth: 303

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

     

  • Venafi
    Booth: 406

    Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

    With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms;  four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.

    For more information, visit: www.venafi.com.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Demetrios 'Laz' Lazarikos
    Former CISO of vArmour, Sears, and Silver Trail Systems, Founder and IT Security Strategist, Blue Lava Consulting

    Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the Founder and IT Security Strategist for Blue Lava Consulting.

    Laz has more than 30 years' experience in building and supporting some of the largest InfoSec programs for financial services, retail, hospitality, and transportation verticals. Some of his past roles include: CISO at vArmour, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA.

    Laz is an Adjunct Professor at Pepperdine University's Graziadio School of Business and Management. He holds a Master’s in Computer Information Security from the University of Denver and an MBA from Pepperdine University, and has earned several security and compliance certifications.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Jake Bernstein, Esq.
    Partner, Data Protection, Privacy & Security Group, K&L Gates LLP

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Scott David
    Director of Technology, Center for Information Assurance and Cybersecurity, University of Washington

    Scott L. David, J.D., LL.M., is the Director of Policy at the Center for Information Assurance and Cybersecurity (CIAC) at the University of Washington. Scott is a member of the World Economic Forum's Global Futures Council on Digital Economy and Society, and the WEF Initiative on Ethics of AI and Machine Learning. Previously, Scott worked as an attorney for 30 years, counseling commercial and governmental entities worldwide in the structures and transactions of technology and business networks including issues of data security, ecommerce, privacy, standards setting, IP, telco, and tax. Scott was a partner at K&L Gates from 1992 to 2012.

  • speaker photo
    Russ McRee
    Principal Security GPM, Microsoft

    Russ McRee is Group Program Manager of the Blue Team for Microsoft’s Windows & Devices Group (WDG). He writes toolsmith, a monthly column for information security practitioners, and has written for other publications including Information Security, (IN)SECURE, SysAdmin, and Linux Magazine.

    Russ has spoken at events such as DEFCON, Derby Con, BlueHat, Black Hat, SANSFIRE, RSA, and is a SANS Internet Storm Center handler. He serves as a joint forces operator and planner on behalf of Washington Military Department’s cyber and emergency management missions. Russ advocates for a holistic approach to the practice of information assurance as represented by holisticinfosec.org.

  • speaker photo
    Eric Kapfhammer
    Founder and Executive Director, Metycus

    Eric Kapfhammer is a data scientist at Microsoft, where he focuses on applying statistical and machine learning approaches to computer and network security. Prior to joining Microsoft, Eric spent the previous decade in the quantitative trading space as a Managing Director and Portfolio Manager, leading teams of data scientists and software engineers. He has also worked in software engineering and program management roles at companies such as Starbucks, Expedia, and Boeing. Eric obtained a BA in Business and International Relations from the University of Puget Sound, a MSc in Finance from Seattle University, and is currently pursuing a MSc in Computer Science with a machine learning specialization at the Georgia Institute of Technology.

  • speaker photo
    Annie Searle
    Associate Teaching Professor, The Information School, University of Washington

    Annie teaches courses on risk management, cybersecurity, and information management at the University of Washington. She is founder and principal of ASA Risk Consultants, a Seattle-based advisory firm. She spent 10 years at Washington Mutual Bank, where for most of those years she chaired the crisis management team.

    Annie is a member of the DHS Cybersecurity and Infrastructure Security Agency (CISA) Region 10 Regional Infrastructure Security Group. She was inducted in 2011 into the Hall of Fame for the International Network of Women in Homeland Security and Emergency Management. She writes a column monthly for ASA News & Notes and is the author of several books or book chapters, most recently "Risk Reconsidered, " a collection of articles and columns published in July 2018. She was a pro bono risk advisor to the Seattle Police Department from 2015-2019, and is a member of the emeritus board of directors for the Seattle Public Library Foundation.

  • speaker photo
    Demetrios 'Laz' Lazarikos
    Former CISO of vArmour, Sears, and Silver Trail Systems, Founder and IT Security Strategist, Blue Lava Consulting

    Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the Founder and IT Security Strategist for Blue Lava Consulting.

    Laz has more than 30 years' experience in building and supporting some of the largest InfoSec programs for financial services, retail, hospitality, and transportation verticals. Some of his past roles include: CISO at vArmour, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA.

    Laz is an Adjunct Professor at Pepperdine University's Graziadio School of Business and Management. He holds a Master’s in Computer Information Security from the University of Denver and an MBA from Pepperdine University, and has earned several security and compliance certifications.

  • speaker photo
    Vanessa Pegueros
    Board Member, Cybersecurity Leader, Angel Investor

    Vanessa is a cybersecurity leader with over 16 years of security experience. She is currently serving on the Board of Carbon Black (CBLK) and BECU. She also is a venture partner with Flying Fish Partners in Seattle. Vanessa formally worked as the CISO at DocuSign and successfully managed through hyper growth and an IPO in 2018. She also was the SVP of Enterprise Security at US Bank, CISO at Expedia, and has held senior level security roles with Washington Mutual, Cingular, and AT&T Wireless. She has held numerous other roles specifically within the wireless arena, including Network Planning, Architecture & Engineering, Technical Sales, and Product Development.

    She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM, and CISSP security certifications, as well as the Certified Information Privacy Professional Europe (CIPP/E) privacy certification.

  • speaker photo
    Craig Schippers
    Principal Engineer, Trend Micro, Inc.

    Craig Schippers is a CISSP Certified Principal Sales Engineer at Trend Micro. He has worked in the Security Industry for approximately 17 years assisting customers with their Infrastructure Security needs. He lives in the Kettle Falls, WA.

  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Bruce Lobree
    Security & Privacy Information Systems Leader, Philips

    Bruce Lobree has participated in and managed technical security, technical architecture, audit and consulting, teams as a first level manager up to having Global responsibilities at an executive level managing multi-million programs. He has working experience in government, retail, financial, software and utility industries generating cost effective, client focused security solutions, operational models and programs to meet corporate and regulatory requirements. This has included architecting, designing, individually implementing or managing the implementation of physical and logical security systems and controls for reliability and availability. These programs have dealt with implementing various industry standards and regulatory requirements including HIPAA, SOX, PCI, GLBA and ISO 270001 and other National and International control standards. He has also authored books and taught at the University level.

  • speaker photo
    Allison Goodman
    Certified Computer Examiner, CTIN

    Allison Goodman is a Certified Computer Examiner at eDiscovery Inc. in Bellevue, Washington. Allison is the President of CTIN, a local non-profit organization that provides training to other digital examiners. She is also a dialogue leader for the Sedona Conference WG1 on transparency and cooperation in the discovery process. Most of her work is for civil litigators on either the plaintiff or defense side with testifying experience.

  • speaker photo
    Jeff Whitney
    Certified Computer Examiner, CTIN

    Jeff Whitney is a Certified Computer Examiner at eDiscovery Inc. in Bellevue, Washington. Most of his work is for civil litigators on either the plaintiff or defense side and he has testifying experience.

  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    James Christiansen
    VP, CSO - Cloud Security Transformation, Netskope

    James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients understand the challenges and solutions of cloud deployments by helping drive thought leadership in cloud security transformation.

    James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

    As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.

    James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

  • speaker photo
    Ben Feldman
    GDPR Solutions, OneTrust

    Ben Feldman serves on the GDPR Solutions team at OneTrust. In his role, Feldman manages relationships with leading enterprise organization's and provides resources to operationalize data privacy compliance. Prior to OneTrust, Feldman spent 3 years at a leading global provider of telecommunications services where he gained valuable experience in the Managed Network, Global WAN, Cybersecurity, HostedPBX and SaaS space. Feldman holds a B.S. from the University of Georgia.

  • speaker photo
    Moderator: Michael T. Metzler
    Sr. Compliance Officer, CenturyLink Business

    Michael (CISSP, CGEIT, CISM) has over 35 years of industry experience delivering security consulting service internationally in security policy, security risk management, network design, and troubleshooting. He has designed global networks and provided security consultation for many corporations, as well as for U.S. Defense contractors and foreign government agencies. He currently provides Information Assurance Advisory and Consulting Services for CenturyLink Technology Solutions.

  • speaker photo
    Brandon Swafford
    CTO, Insider Threat, Engineering, Forcepoint

    Brandon has 12 years of experience in legal, counterintelligence, and financial security across worldwide organizations. He has worked with hedge funds, the US Intelligence community, and the International Monetary Fund.

  • speaker photo
    Jean Pawluk
    Executive Consultant, ISSA Distinguished Fellow

    Jean is an Executive Consultant, ISSA Distinguished Fellow, and honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).

  • speaker photo
    Ravila White
    Deputy Director Strategic Programs, UHG

    Ravila Helen White is the Deputy Director of Strategic Programs – Enterprise Security Architecture for UHG. Prior to that, she headed up the information security programs for Providence Health & Services, The Bill & Melinda Gates Foundation and drugstore.com. Ravila has more than 15 years of professional IT experience, with experience as a strategist, architect, auditor and a front line information security practitioner. Ravila is a strong advocate in influencing organizations to choose to do the right things, through her philosophy of "making it better without making it complex."

    Ravila carries CISSP, CISM, CISA, CIPP, GCIH and ITIL v3 certifications, with an MSc Information Security from the University of Royal Holloway. She regularly presents at local events on information assurance issues and has been published on a national and global level. She is also a member of the PacCISO and Agora.

  • speaker photo
    Zach Forsyth
    Security Architect, Juniper Networks

    Zach Forsyth thrives on understanding advanced threats and designing solutions to combat them. His 20-year career has focused on malware delivery and weaponization, advanced malware prevention, next generation firewalls, automation, threat hunting, deception networks, adversarial response systems, intrusions, exploits, social engineering and related fields. Zach has appeared on the AT&T ThreatTraq show, and as a speaker and panelist at leading security conferences such as RSA, Interop, Blackhat, and Secureworld. In addition, he has been published by CNN, DarkReading, Defend Magazine, SC Magazine, CSO Online, TechNewsWorld and Infosecurity Magazine.

  • speaker photo
    Sean Murphy
    Vice President and Chief Information Security Officer, Premera Blue Cross

    Sean Murphy is the Vice President and Chief Information Security Officer for Premera Blue Cross (Seattle, WA).

    He is responsible for providing and optimizing an enterprise-wide security program and architecture that minimizes risk, enables business imperatives, and further strengthens the health plan company’s security posture. He works closely with Premera’s leadership team to establish and maintain a comprehensive program to protect employees, information assets and technologies and mature the corporate culture from security awareness to accountability.

    He’s a healthcare information security expert, with more than 20 years of experience in the field. Sean retired from the U.S. Air Force (Medical Service Corps) after achieving the rank of lieutenant colonel. He has served as CIO and CISO in the military service and private sector at all levels of healthcare organizations. He has served at the forefront of building robust security programs while responding and recovering healthcare organizations from major security events. But his proudest professional accomplishment was his service as a senior mentor to the Afghan National Police Surgeon General’s Office in 2008–2009 in support of Operation Enduring Freedom.

    Sean has a master’s degree in business administration (advanced IT concentration) from the University of South Florida, a master’s degree in health services administration from Central Michigan University, and a bachelor’s degree in human resource management from the University of Maryland. He is a board member of the Association for Executives in Healthcare Information Security (AEHIS). Sean is a past chairman of the HIMSS Privacy and Security Committee. He is also a noted speaker at a national level and the author of numerous industry whitepapers, articles, and educational materials, including his recent book, “Healthcare Information Security and Privacy,” published in 2015.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Ronald Watters
    Regional Cybersecurity Advisor, Region 10, DHS CISA

    Ron Watters currently serves as the Region X (WA, OR, AK, ID) Cybersecurity Advisor for the Stakeholder Engagement and Cyber Infrastructure Resilience Division of the Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD). Based in Seattle, WA, he supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure. His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the nation's sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities. Prior to joining DHS, Watters served 27 years with the U.S. Navy and Naval Reserve as a Submarine Sonar Technician and Diver, retiring from the US Navy in 2007. Recalled to Active duty following 9/11, he was offered a position as the Deputy, Information Systems Management Officer with the 4th Marine Corps recruiting District in New Cumberland, PA. He rose to the position of S-6 before leaving in 2009 to take a position as the Chief, Information Assurance Division, Network Enterprise Center Ft Irwin, CA. Watters remained in that position until leaving to become the Branch Manager of the Cybersecurity Branch of the Puget Sound Naval Shipyard in March of 2016 and, soon after, as the Region X Cybersecurity advisor in June of 2017, which he currently holds.

  • speaker photo
    Frank Simorjay
    Distinguished Fellow, ISSA

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com/)

  • speaker photo
    Vanessa Pegueros
    Board Member, Cybersecurity Leader, Angel Investor

    Vanessa is a cybersecurity leader with over 16 years of security experience. She is currently serving on the Board of Carbon Black (CBLK) and BECU. She also is a venture partner with Flying Fish Partners in Seattle. Vanessa formally worked as the CISO at DocuSign and successfully managed through hyper growth and an IPO in 2018. She also was the SVP of Enterprise Security at US Bank, CISO at Expedia, and has held senior level security roles with Washington Mutual, Cingular, and AT&T Wireless. She has held numerous other roles specifically within the wireless arena, including Network Planning, Architecture & Engineering, Technical Sales, and Product Development.

    She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM, and CISSP security certifications, as well as the Certified Information Privacy Professional Europe (CIPP/E) privacy certification.

  • speaker photo
    Michael Hamilton
    Founder and President, Critical Informatics

    Mr. Hamilton is a former cybersecurity policy adviser to Washington State, CISO, City of Seattle, and VeriSign Managing Consultant.

  • speaker photo
    James Beeson
    CISO, Cigna

    James has over 28 years of experience in cyber security and technology. He has 17 years of direct experience as an information security leader and is currently the Chief Information Security Officer at Cigna, a global health insurance company. James previously worked 20 years for General Electric in various security and technology leadership positions.

    James was an Evanta 2016 Breakaway Leadership Award finalist and a T.E.N. ISE North America Executive Award finalist in 2011.

    He has Co-Chaired the CISO Executive Summit in Dallas for the past eight years, and participates as a keynote speaker at various events across the globe.

    James also works closely with the SINET, the Security Innovation Network, to promote public and private sector collaboration and increase the awareness of innovative emerging companies.

    James is actively involved in FS-ISAC (Financial Services – Information Sharing and Analysis Center), ISSA (Information Systems Security Association), and ISACA (Information Systems Audit and Control Association), which work to drive standards, improvements, and networking in security and risk management globally.

    He has an MBA from Southern Methodist University and a BBA in Management and Leadership.

    He is a Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and Six Sigma Quality certified.

  • speaker photo
    Chris Vaughn
    CISO, Unify Square

    Chris Vaughn is an information security and risk management leader with two decades of experience developing information security strategies and programs for international organizations. He is the Chief Information Security Officer (CISO) at Unify Square, the leading provider of software and managed cloud services for Microsoft Skype for Business, where he owns global responsibility for information security and privacy. Prior to Unify Square, he held key leadership positions at Nestlé and the Bill & Melinda Gates Foundation. In addition to strategy development, governance, and risk management, he has also led teams specializing in security engineering, service continuity, identity management, and ISO 27001 implementation.

  • speaker photo
    Deanna Locke
    Sr. Enterprise IT Compliance & Risk Trainer, Bellevue College

    Deanna Locke, CIPP, CISSP, CISA, ITILv3, is a privacy/security professional with 25+ years combined IT, security, international privacy, Big 4 audit and cybersecurity advisory, and corporate risk and governance experience. Ms. Locke works with senior leadership to shift static, compliance-adverse, and vulnerable enterprise cultural behaviors towards becoming agile, dynamic, and innovative results-producing organizations. “There’s a control for that….” Currently, Ms. Locke is developing Enterprise IT training for traditional software development environments towards transformation to DevOps.

  • speaker photo
    Simon Gibson
    Fellow Security Architect & CISO, Gigamon

    Simon Gibson is a Fellow Security Architect at Gigamon. He provides security strategy and technology roadmap direction for Gigamon products that secure physical and virtual network traffic. Simon has been working on Internet infrastructure for nearly 20 years. From small ISP’s , to developing streaming media technology at AOL/Time Warner and working on hardware accelerated appliances with Extreme Networks for WinAmp/Shoutcast. Simon was a Systems Architect at Verisign. Prior to Gigamon, Simon led the Information Security Group at Bloomberg LP in New York and was their CISO from 2008 to 2013.

  • speaker photo
    Ryan Peters
    Chief Data Scientist & Development Director, BluVector

    As BluVector’s Chief Data Scientist, Ryan Peters leads the company’s efforts in data science and analytics-related efforts for updating and improving the product’s malware detection engines. Peters’ contributions have included rewriting most of the company’s supervised machine learning engine, developing “In-Situ Learning” to allow customers to use their data to retrain their BluVector appliance classifiers, as well as expanding the product’s detection capability to include fileless memory-based malware.

    Peters holds a bachelor’s degree in biomedical engineering from Case Western Reserve University and a master’s degree in biomedical engineering from Duke University. He has co-authored publications in the Journal of Neurophysiology and PLOS ONE and holds multiple U.S. patents.

  • speaker photo
    Craig Spiezle
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Aravind Swaminathan
    Partner, Cybersecurity & Data Privacy, White Collar, Investigations, Securities Litigation & Compliance, Orrick LLP

    Aravind Swaminathan is global co-chair of the firm's Cybersecurity & Data Privacy team, which was named Privacy Practice Group of the Year in 2016 by Law360, and is nationally ranked by The Legal 500 in two categories. Aravind earned "particular praise" from Legal 500, as part of a team known for being "extremely responsive and client focused, succeeding at meeting the needs of both in-house counsel and tech-savvy business clients." Aravind is a former federal cybercrime prosecutor, an accomplished trial lawyer, and class action litigator, with extensive experience in handling cybersecurity incidents and data breaches, government and internal investigations, and privacy-related matters.

    Aravind advises clients in cybersecurity risk assessment and management, breach incident response planning, and corporate governance responsibilities related to cybersecurity. Aravind has directed over 100 data breach investigations and cybersecurity incident response efforts, including ones with national security implications. He also represents companies and organizations facing cybersecurity and privacy-oriented FTC, SEC, and State Attorney General investigations and class action litigation. Aravind is a sought-after speaker on cybersecurity issues, including threat landscapes, mitigation strategies, incident response plans, and threat management in mobile device ecosystems. Aravind previously served on the City of Seattle’s Privacy Advisory Committee, as general counsel to Washington State Governor Jay Inslee's task force on drone legislation, and is currently serving as counsel to PISCES, a first-of-its-kind organization whose purpose is to facilitate information sharing between state and local agencies and municipalities to improve threat intelligence availability to support critical government services.

    Until 2013, Aravind served as an Assistant United States Attorney for the Western District of Washington, where he served as one of the district's Computer Hacking and Intellectual Property Section attorneys. As a prosecutor, Aravind investigated and prosecuted a broad array of cybercrime cases, including ones involving hacking, phishing, theft of trade secrets, click fraud, cyber threats, and identity theft. Aravind also led the United States Attorney's Office cybercrime outreach program for the Western District of Washington, where he worked with members of the Department of Justice, state and federal regulators, law enforcement and other organizations on cybersecurity and related privacy issues.

  • speaker photo
    Eva Benn
    Program Manager 2, Microsoft

    Eva Benn is a Program Manager at Microsoft, responsible for coordinating some of the enterprise’s most critical governance, risk and compliance (GRC) efforts. With over 4 years of consulting experience, Eva brings a strong background GRC and Cyber program development, 3rd party risk management and RSA Archer technology solution enablement. Her expertise in various security domains has earned her multiple well-recognized certifications such as CISSP, CEH and CCSP. Eva is also a Board member of the ISACA Puget Sound Chapter and a repeated speaker at multiple information security and GRC industry events.

  • speaker photo
    Swarnika Mehta
    Manager, KPMG LLP

    Swarnika- Swarnika is a Manager in KPMG’s Cyber practice a frequent speaker at global information security and governance, risk and compliance industry events. She leads Cyber Security and Governance, Risk and Compliance (GRC) related business transformation initiatives for technology and telecommunication industries in the PNW. She has over 6 years of risk consulting experience and has a strong background GRC and Cyber program development and implementation, cloud security and compliance, information security & risk management, and certification and accreditation (C&A).She was recognized by the US Consulting Magazine as the Top 35 under 35 Rising Stars of the Profession, for long-term commitment to excellence.

  • speaker photo
    LTC John Sutherland, PhD
    Sr. Client Technology Architect, CenturyLink

    John is a Senior Technology Architect at CenturyLink, a retired US Army intelligence officer, a former Defense Attaché, and SE Asian Foreign Area Officer fluent in Vietnamese with over 26 years of experience in information security and political-military operations. CISM, CISSP.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Gary Southwell
    GM & VP Security Products Division , CSPi
  • speaker photo
    Christopher Williams
    Advisory Solutions Architect, RSA

    Christopher is a leading voice in the convergence of operational IT practices and Identity, Audit, and Compliance programs. His career features 15 years as a practicing manager of data centers, operations & technical services and consulting teams for fortune 500 companies and DOD contractors; plus another 20 years of technical services, product, and product marketing management. Christopher now serves as the Advisory Solutions Architect for RSA, the industry’s leading Security, Identity & Access Governance solutions provider. In this role Christopher continues to help organizations around the world define and achieve their goals through process workshops, mentoring seminars, and numerous publications.
     

  • speaker photo
    Karl Weaver
    Business Development Director, Newport Technologies

    Mandarin Chinese-speaking, Mobile Device ecosystem specialist for the Smart Card sector of the Wireless industry. Newport Technologies is Karl’s public speaking vehicle to evangelize cutting edge mobile technologies within Greater China and Asia. Karl’s career in the Smart Card/Semiconductor ecosystem and embedded software World spans 13 years. Additionally, Karl spent 5 years working in China for Gemalto (and Trustonic) as Rainmaker for design in of embedded Mobile NFC Payments & TEE security technologies to the OEM Smartphone/Tablet PC ecosystem. He possesses a B.S degree in Business Management from Salve Regina University, Certification in Mandarin Chinese Language, Customs and Culture from National Taiwan Normal University – Mandarin Training Center and Certification in Broadband wireless communications from University of Washington (Seattle). Karl has many streaming videos on YouTube and Youku discussing mobile payment and security technologies. In 2014, Karl stablished an NFC, Payments & TEE Security Meetup Group in the Seattle tech corridor. Karl is a top public speaker on Wearable Payment Smartwatches for subway transit ticketing in China.

  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Kevin Murphy
    Business Information Security Officer (BISO), T-Mobile USA

    Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, a retired NSA intelligence officer, the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by myself). He holds the CISM, CISSP, CGEIT security certifications.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes