googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, November 7, 2018
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Topic: A Legal Post-Mortem: What Did the Lawyers Learn From a Ransomware Attack?
    speaker photo
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 408

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

    Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs

    AGENDA

    Introductions

    Artificial Intelligence: How AI will reshape every business, including yours
    Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

    Blockchain beyond crypto-currencies: Your foundation to create new business value
    Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy.  Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

    Futurecasting Workshop
    In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:30 am
    Introduction to Industrial Controls Security
    • session level icon
    speaker photo
    Founder & Principal, 443 Consulting LLC
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 403
    Industrial controls and their security is becoming more newsworthy; however, many people don’t quite understand what these are and their security vulnerabilities. This presentation is intended to help the listener better understand what industrial controls are, what the security risks are, and how to learn more about the issues.
    8:30 am
    Cybersecurity Update: Phishing to Ransomware - Looking Ahead to 2019
    • session level icon
    speaker photo
    Business Information Security Officer (BISO), T-Mobile USA
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 406
    Ransomware: Will your company become the next Atlanta? Learn and discuss the latest best practices for how to protect your data and infrastructure in this highly interactive session where you learn from your peers.
    8:30 am
    Spirion: Celebrity Regulation Smackdown: GDPR vs. CCPA
    • session level icon
    speaker photo
    VP, Corporate Privacy, and General Counsel, Spirion
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 404

    The General Data Protection Regulation (GDPR) represents the most sweeping data protection regulation to be brought into force in the last 20 years.  It addresses not only data traditionally considered “sensitive,” but so-called “online identifiers,” such as MAC/IP addresses, geolocation data, and browser fingerprints.  Barely a month after the Regulation’s May 25, 2018 commencement date, the California Consumer Privacy Act of 2018 (CCPA) was passed into law, the result of a frenetic 6-day drafting process.  Many consider the two laws to effectively be the same, but a close inspection reveals some striking differences.  In this presentation, a privacy industry veteran will offer some perspective on both laws.  Key takeaways include:

    • An understanding of the primary differences between the two laws;
    • Information security requirements under both laws; and
    • Leveraging GDPR compliance efforts to meet the requirements of the CCPA
    8:30 am
    IoT Hazardization: How Can an Enterprise Manage the Risk?
    • session level icon
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    As the plethora of connected devices appear in the workplace, enterprises are faced with the daunting task of completing risk assessments and managing the security and safety risks, including their impact to infrastructure and the resulting life / safety risks. This session will review the risk and provide frameworks to help identify the risks and develop security strategies.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE — Going Digital: Building Your Strategic Roadmap for the Next Wave of Digital Transformation
    • session level icon
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:30 am
    Location / Room: Keynote Theater

    The next major wave of digital transformation will integrate the physical parts of your business even more intimately with the digital world, using sensors, analytics, artificial intelligence, robotics, augmented reality, 5G networking, and blockchain technology. In this talk, former Intel futurist Steve Brown presents a fast-paced, fun exploration of what it will mean to “go digital” in the next decade, and reviews the business and security strategies we will need to navigate the road ahead.

    Hear from Steve as he gives a preview of what he will cover in his keynote: https://youtu.be/Er1spVCyzS8

    10:30 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: Securing the Cloud
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    11:00 am
    Panel — Blockchain: Living in the Future
    • session level icon
    speaker photo
    Engineering Team Lead and Product Owner, GE Digital
    Registration Level:
    • session level iconConference Pass
    11:00 am - 12:00 pm
    Location / Room: 404

    Sometime in late 2017, Gartner pegged Blockchain as a technology going through the “peak of inflated expectations” phase in its hype cycle for emerging trends. A year later, the hype has not come down at all. Today, most major enterprise companies have a story to tell in the Blockchain realm. This includes Microsoft, Amazon, SAP, among many others.

    In this panel, we will talk to members of this group to understand what lies beyond the hype. What do they see as the future roadmap of their Blockchain offerings? Are they focusing more on partnerships and integrations to carry the buzz forward? Are they counting on integrating with their own native cloud-platform services to make it more sticky? What about the security considerations? And then the elephant in the room, what about enterprise-ready Blockchains? Is that a real thing? What is the security story of Blockchains? Do real world customers truly care?

    Panelists:
    Kieren James-Lubin, Co-Founder, President & CEO, BlockApps
    Joe Roets, Founder & CEO, Dragonchain
    Deep Ghumman, Partner/Principal, EY
    Rohit Amberker, Finance Director, Microsoft

    11:15 am
    Comodo: Malware, Legitimate Code Doing Illegitimate Things
    • session level icon
    speaker photo
    Security Engineer, West, Comodo
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 403

    You will never prevent 100% of malware from entering your network.

    11:15 am
    [Trend Micro] EDR Is the Latest 'Rage' but What About XDR?
    speaker photo
    Principal Engineer, Trend Micro, Inc.
    Registration Level:
    11:15 am - 12:00 pm
    Location / Room: 406

    Is Endpoint Detection and Response the wave of the future, or simply another piece of the security architecture? In this session, we will discuss the uses of EDR and how one source of truth may be too narrow a focus to truly evolve security controls. Enter XDR: Drawing from all layers of an infrastructure to bring into view all elements of an attack. Much like the past when SIEM was all the “buzz,” the more things change the more they stay the same. Join us for an interactive session.

    11:15 am
    Professionalization of Cybersecurity
    • session level icon
    speaker photo
    Executive Director, Center for Information Assurance and Cybersecurity, University of Washington
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 405
    Since Snowden, there have been government initiatives to professionalize cybersecurity that impact the training/education and qualifications of those choosing this field. In recent years, these efforts have accelerated and intensified. This session will bring practitioners up to speed on the national and international efforts to standardize the profession to be on par with others such as medicine and law with regard to providing a bar to entrance. The speaker will be happy to share her work at the national level in bringing this about.
    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Security Evangelist, North America, Radware
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 402

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Topic: Approaches to Staffing a Security Operations Center – Focus on Outsourcing One or More Aspects of the Function.
    speaker photo
    Board Member, Cybersecurity Leader, Angel Investor
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    12:15 pm
    LUNCH KEYNOTE: Do Our Security Solutions Align with Cybersecurity’s Future? A View from the Trenches
    • session level icon
    speaker photo
    Client Solutions Advisor, Optiv
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    How do we adapt to the perpetual change of security while accepting its dim realities? Before we can fully answer this, we need to understand where we are going, or at least know where we aren’t going, and learn from the past few years. We also need to understand that new threats don’t always require new tools, and efficiency is as important as efficacy.

    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime-as-a-Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones?
    Panelists:
    Tam Huynh, SentinelOne
    Steve Shalita, Pluribus Networks
    Ron Winward, Radware
    Nelson Cottier, IXIA
    Dave Caldwell, Optiv
    Moderator: Larry Wilson

    1:15 pm
    Panel: Phishing and Social Engineering Scams 2.0
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possibly pose as business leads or clients to gain our trust. What sales person doesn’t want email from a potential client who wants a new solution? Or they may just lay in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work?
    Panelists:
    Jon Clay, Trend Micro
    Zoe Lindsay, Duo Security
    Wayne Tynes, Mimecast
    Kellen Christensen, Dasher Technologies
    Moderator:
    Dan Lohrmann

    1:15 pm
    Palo Alto: Signs That the Security Market is Ready for Disruption are Here
    • session level icon
    speaker photo
    Sr. Systems Engineer, Palo Alto Networks
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 405

    Safeguarding your organization’s digital landscape requires the rapid adoption of new technologies with the same scale, leverage and agility employed by the adversary. However, current approaches that address this paradigm offer diminishing value, as the increased burden is put on network defenders who continue to struggle with evaluation, deployment and implementation among siloed capabilities from multiple providers.

    Break out of the cybersecurity status quo.  Join us to learn about the evolution of cybersecurity and a model for the of future of security innovation, reinventing how security practitioners rapidly access, evaluate and adopt the most compelling new security technologies.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Panel: Identity and Access Management
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 404

    Access control, tokens, firewalls, and biometrics will play a role in how we manage who is on the network or in our offices. VR may be the way of the future for remote employees. Will we be able to determine who is actually logging in? Did someone spoof the VR hardware and become a secret insider threat? Is someone piggybacking on the signal and learning more than they should? Can AI be used against us so that perpetrators can infiltrate the network? Sounds like science fiction, but is it?

    Panelists:
    Tapan Shah, Sila
    Heather Howland, Preempt
    Rod Soto, Jask
    Sean Ventura, Atmosera

    3:00 pm
    Less Talk and More Action: How the Global Cyber Alliance Is Making a Difference and You Can Too
    • session level icon
    speaker photo
    Global Communications Officer, Global Cyber Alliance
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 403

    The Global Cyber Alliance (GCA) is an international nonprofit focused on developing and deploying practical solutions, made freely available, that measurably improve our collective cybersecurity.

    In this session, you’ll learn about GCA’s more than 200 global partnerships and how their resources—such as the email authentication (DMARC) Setup Guide and the Quad 9 web security service (which blocks 2 million threats a day)—can help your organization. Looking forward, we’ll discuss GCA’s plans to make smart cities more secure cities by tackling security challenges associated with IoT devices and technologies.

    3:00 pm
    Mimecast— The Human Firewall Is on Fire: What Do You Do When the Smoke Clears?
    • session level icon
    speaker photo
    Sr. Sales Engineer, Mimecast
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 405

    Many enterprises are focused on prevention and are too busy with day-to-day firefights to look beyond the flames and think about how to recover. Beyond preventing attacks, organizations need to focus on detection and response. It’s no longer a matter of if you’re going to be attacked, but when. Join this session to:
    • Learn the cutting edge tactics of these digital thieves
    • Identify and combat these attacks
    • Learn how to recover, should an attack break through your defenses

    3:00 pm
    Automating Firewall Certification with Robot Framework
    • session level icon
    speaker photo
    Security Engineer III, Charter Communications
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 406
    With constant new version updates for Firewall devices combined with new vulnerabilities in the various versions, production devices need to be routinely upgraded to the newest version to ensure not just security compliance, but also availability to use new features. Any new versions need to undergo several tests before being deployed in production. Robot Framework allows to automate configuration, audits, verification and all test cases, using keyword driven approach with Python, as the underlying platform.
    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 401

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 407

    In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

    Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs

    AGENDA

    Introductions

    Artificial Intelligence: How AI will reshape every business, including yours
    Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

    Blockchain beyond crypto-currencies: Your foundation to create new business value

    Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy.  Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

    Futurecasting Workshop

    In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 303

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    4:30 pm
    Optiv Reception
    • session level icon
    Join Optiv and partners for Happy Hour on the 4th floor!
    Registration Level:
    • session level iconOpen Sessions
    4:30 pm - 8:30 pm
    Location / Room: Cast Iron Studios

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day. NOTE: This event is for SecureWorld attendees and Optiv partners only, thank you.

  • Thursday, November 8, 2018
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

    Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs

    AGENDA

    Introductions

    Artificial Intelligence: How AI will reshape every business, including yours
    Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

    Blockchain beyond crypto-currencies: Your foundation to create new business value

    Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy.  Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

    Futurecasting Workshop

    In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    InfraGard Chapter Meeting - Open to all Attendees
    • session level icon
    Presentation: Being Smart About Intelligence
    speaker photo
    Director of Digital Design, Thornton Tomasetti
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
    8:00 – 8:30 – Networking
    8:30 – 9:15am – Janet’s presentation
    Presentation:
    Adversaries are sophisticated, clever, motivated and highly focused. Attacks are well planned, coordinated and use a variety tactics combining cyber, physical, human and technical to accomplish their goals. Learn more about adversarial focus, strategies and tactics and how effective threat intelligence can proactively mitigate attacks, enhance enterprise risk management and get you ahead of the game. No matter how big or small your organization is…you are a target! Knowing your adversaries gives you the strategic advantage when protecting your organization.

    8:30 am
    Security: Are We Getting It Wrong?
    • session level icon
    speaker photo
    Security & Privacy Information Systems Leader, Philips
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    After more than 20 years of being in security and seeing the same problems occurring in the industry, is it me, or are we crazy? We still have cross-site scripting problems, incomplete installations of security software, poor implementations of access control, or access control that is so complicated users are trying to bypass it. What are we doing wrong? The time has come for us to look at security differently. We worry about user behavior, but how about looking at data behavior? We want to secure users, but what we really want to do is secure data. Is change in the wind?

    8:30 am
    Threat Hunting with Notebook Technologies
    • session level icon
    speaker photo
    Founder and Executive Director, Metycus
    speaker photo
    Sr. Security Analyst , Microsoft
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 406
    What happens when you transform your threat hunt playbooks from static step-by-step guides to something more dynamic? What if instead of copying and pasting code and queries from a document you could execute blocks of code from within the same framework as your text and notes? Notebook technologies have emerged largely from the data science community and have a direct application to the security domain. We will show several data science examples applied to threat hunting that involve interfacing with data from across the data landscape … one notebook, multiple data sources.
    8:30 am
    Sila: Preventing the “Paper Vault”: Imperatives for Securing Your PAM Tool
    • session level icon
    speaker photo
    Sr. Manager and IAM Practice Lead, Sila
    speaker photo
    Sr. Manager and Cybersecurity Architect, Sila Solutions Group
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: 404

    Without thoughtful planning, a PAM implementation can both increase the attack surface and reduce overall security—effectively introducing more security problems than it solves. Who wants a bank vault made of paper? Privileged Access Management tooling is an essential part of the enterprise Cybersecurity and Identity and Access Management landscape. Enterprises count on these tools to improve their security posture, decrease risk and meet demanding compliance requirements. In this informative session learn how you can secure your vault and make your PAM system an effective pillar of your security infrastructure.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    • session level icon
    speaker photo
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With increasing numbers of high profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse end-points along with increased mobility and wireless access fuels a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to Enterprise resources pose additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the increases of unsecure and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of Software-Defined Networking (SDN) technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: The Scope of Pen Testing
    speaker photo
    Partner, Data Protection, Privacy & Security Group, K&L Gates LLP
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    11:15 am
    Duo — Past the Perimeter: Earned Access Through a Zero-Trust Model
    • session level icon
    speaker photo
    Customer Advocacy, Duo Security
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 405

    Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. To do this, companies must ensure that users and their devices meet the same security controls, whether they’re outside or inside the network perimeter.

    Duo adopted the “zero-trust network” model to solve this challenge. All networks and devices are treated as untrusted until proven otherwise, and their health is checked each time a user connects to a protected resource. This approach depends on visibility into whether basic device and network security standards are met. It also requires the ability to enforce granular policy controls based on the results of that health check.

    The perimeter is disappearing, and it’s not coming back… find out how you can get a head start on what’s next.

    11:15 am
    Future Threats
    • session level icon
    What You Can do Today
    speaker photo
    Principal Enterprise Security Architect, Providence St. Joseph Health
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 403
    An overview of threats and other security topics which will be affecting IT Security over the next several years, and how to start preparing for them now. Subjects covered range from artificial intelligence to quantum resistant encryption.
    11:15 am
    Speaking the Language of the Board of Directors and the C-Suite
    • session level icon
    speaker photo
    CISO, Axiom Law
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 402
    As a group, technology professionals tend to be data-driven to seek binary answers. We can easily spend hours following clues to find that “Holy Grail” of technology answers. That deep subject matter expertise that is so beneficial to us in our day-to-day roles can also become our weakness when we’re talking to the Board of Directors and the C-Suite. Join Anne-Marie as she shares her experiences in reporting and presenting to the Board of Directors and C-Suite.
    11:15 am
    Establishing Academic Programs and Career Pathways for the Cyber Workforce
    • session level icon
    speaker photo
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 406
    As the former CISO for the University of Massachusetts, I have had many opportunities to interact with IT professionals, IT managers, business leaders and other management / operations personnel who would benefit with a baseline knowledge, skills and abilities in the Cybersecurity field. As we continue to move to a more digital / cloud based world, the need for advanced skills in cybersecurity will only increase. This presentation will focus on developing academic curriculum that meets the changing workforce needs as well as establishing career pathways for individuals who are interested in a career in cybersecurity.
    11:15 am
    Panel: Public/Private Partnerships – Developing Them in the Seattle Cybersecurity Community
    • session level icon
    speaker photo
    Information Security & Compliance Engineer, Costco Wholesale
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 404

    A collective panel including public agencies, Federal Bureau of Investigation (FBI), U.S. Secret Service (USSS), Department of Homeland Security (DHS), Washington State Fusion Center (WSFC) and Seattle Police Department (SPD). We will review the importance of public/private relationships, regular communication and share an example of a private sector information security individual’s experience.  An Introduction will be made to the local Seattle agencies as they discuss their missions and their outreach resources.  These include Area of Responsibility (AOR), Organizations’ mission, Agency collaboration and best method of contact

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Topic: Addressing the Talent Gap
    speaker photo
    Sr. Compliance Officer, CenturyLink Business
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    12:15 pm
    LUNCH KEYNOTE: Prevent Nightmares in the IoT
    • session level icon
    speaker photo
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Extortion-as-a-Service? (Ransomware and Beyond)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    Remember when ransomware just seized up your computer and forced you to send Bitcoin to unlock it? With the advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run of the mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out some of your more compromising personal information. Or what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes…. Will these attacks also be available for purchase on the dark web?
    Panelists:
    Scott Giordano, Spirion
    Eric Wong, Comodo
    Collin Miller, Structured
    Allan Vogel, Fidelis
    Doug Clifford, Tenable
    Matt Tycksen, Thales
    Grant Asplund, Check Point Security
    Moderator: Bruce Sussman, SecureWorld

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have Artificial Intelligence helping threat hunters squash attacks before they can do any significant damage on the network, while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information?
    Panelists:
    Ben Derr, CyberArk
    Cameron Naghdi, Malwarebytes
    TJ Biehle, Gigamon
    Steve Jordan, Fortinet
    Dan Katz, Anomali
    Corey Smith, Qualys
    Moderator: Michael Ray

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Governance, Risk, and Compliance (GRC): Hit Refresh, Do It Again
    • session level icon
    speaker photo
    Program Manager 2, Microsoft
    speaker photo
    Sr. Engineering Program Manager, Security/GRC, Microsoft
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 403
    With the complexity and sheer volume of business groups, each with different level of maturity, enabling an overarching governance, risk and compliance (GRC) program at a global organization such as Microsoft, is no easy task. Join us to learn how Microsoft leveraged technology and a few key best practices to transform their governance, risk, and compliance efforts into something far more meaningful, strategic, and most importantly effective. By enabling cognitive decision-making through telemetry and innovating our GRC processes powered by a unified compliance framework and common risk methodology, we just might be on the way to revolutionizing the GRC realm.
    3:00 pm
    Monkey See, Monkey Do: Security, Privacy, and Conduct Risk
    • session level icon
    speaker photo
    Associate Teaching Professor, The Information School, University of Washington
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 405
    While Congress and large technology companies spar over creating a corporate privacy policy, the largest single risk most companies face is from all that is included in conduct risk, which frequently leads to financial or reputational loss. Included in conduct risk examples are former CEOs, but also more frequent examples like the theft and sale of corporate information by insiders or third parties. Though boards of directors are now more aware of the challenges of conduct risk, the “monkey see/monkey do” pattern affects security firms as often as it does Wall Street. This session looks at the root causes of conduct risk: tone at the top, culture, and conflicts of interest and makes recommendations to prepare for our cyber future.

     

    3:00 pm
    DevOps: Security’s Big Opportunity
    • session level icon
    speaker photo
    CISO of North America, Checkmarx
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 406
    DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether or not security is part of development or not. Security professionals must therefore learn to how to talk to developers about how to create a security program that will accelerate development and not slow it down.
    3:00 pm
    Teaching the Human: Security Awareness Program Design and Discussion
    • session level icon
    speaker photo
    Americas Lead for Human Cyber Risk and Education, EY
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 404

    At any given moment in their work day, a person will make a security decision that will impact your organization.  Have you enabled your workforce with the knowledge to make the right one?  Generational and cultural differences, as well as learning styles, will all impact the design of a security awareness program.  Learn about these factors and how social engineering is the greatest threat your workforce faces in this session.

Exhibitors
  • AellaData
    Booth: 344

    Aella is the industry’s first Pervasive Detection & Response (PDR) platform, powered by big data & advanced AI. Under the covers, Aella collapses your detection tools (breach detection, IDS, Sandbox, SIEM, etc.) into one detection platform and provides you with IR & threat hunting work benches, empowering organizations to proactively detect and thwart attacks on their critical data systems before damage is done. Instead of overwhelming security teams with countless false alarms, Aella intelligently uses multiple Machine Learning techniques to cut through the noise and deliver high-fidelity alerts that enable fast, effective responses, reducing detection and response time from months to minutes. With Aella it’s like having a relentless virtual security assistant on your team.

  • Anomali
    Booth: 308

    Anomali delivers earlier detection and identification of adversaries in your organizations network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.

  • Apricorn
    Booth: 318

    Founded in 1983, Apricorn designs, manufactures, and supports storage innovations with your data’s security as our top priority. Our unique, patented approach is centered on being 100% hardware-encrypted, software-free, and cross-platform compatible. Trusted by numerous state, national, and international governments, as well as small and large corporations alike, Apricorn delivers advanced data security innovations designed to address today’s threats, as well as tomorrow’s.

  • ARMA NW Region
    Booth: 500

    THIS IS YOUR ARMA!  The Association of Records Managers and Administrators (ARMA) is the leading international not-for-profit association for Records Management and Information Governance, comprised of approximately 27,000 professionals in this field with chapters across the US, Canada, and internationally.  Do you need guidance on records policy, compliance, and operations?  We are here to help connect you with local professionals for networking, educational session, vendor contacts, meet-ups, and collaboration.

    Bellevue Eastside Chapter
    The Bellevue Chapter serves the greater eastside members providing opportunities for RIM professionals to connect and collaborate.  RIM and IG areas include Utilities, Legal, Medical, Banking, Software, Engineering, Government, Energy, and Telecommunications.

  • HPE Aruba Networking
    Booth: 404

    At Aruba, a Hewlett Packard Enterprise company, we believe the most dynamic customer experiences happen at the Edge—an office, a hospital, a school, or at home. It’s anyplace work gets done and data is generated by users, devices, and things across your network. Our mission is to help customers capitalize on these opportunities by providing secure edge-to-cloud networking solutions. We use AI-based machine learning to deliver simpler, faster, and more automated networks that analyze data to help businesses thrive.

  • BitSight
    Booth: 436

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • Bradford Networks
    Booth: 300

    Bradford Networks, a Fortinet Company, is leading the transformation of network security through visibility, control and response. The company continues to provide proven expertise in achieving tangible security improvements to enterprises worldwide.

    Trusted by more than 1,000 customers, Bradford Network’s Network Sentry addresses a wide variety of use cases providing end-to-end network visibility, dynamic network access control and automated threat response, the three critical aspects of network security.

  • NETSCOUT Arbor
    Booth: 304

    For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • Carbon Black
    Booth: 420

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

     

  • Check Point Software Technologies
    Booth: 225 / OP: 422

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • CI Security
    Booth: 512

    CI Security provides Managed Detection & Response services, combining purpose—built technology with expert security analysts to perform full-cycle threat detection, investigation, response, and recovery. With clients across healthcare, public sector, and financial services, CI Security’s technology platform, Security Operations Center, and Information Security consulting services minimize the impact of security breaches, and add significant value to existing internal IT teams.

  • Cloud Security Alliance (CSA)
    Booth: 502

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Comodo Cybersecurity
    Booth: 210

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CrowdStrike
    Booth: 414

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • CTIN
    Booth:

    CTIN has been providing high tech crime fighting training since 1996 in the areas of high-tech security, investigation, and prosecution of high-tech crimes for both private and public sector security and investigative personnel and prosecutors. CTIN sponsors training from experts world-wide for the benefit of private organizations and law enforcement agencies.

  • CyberArk Software
    Booth: 216

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • Cylance
    Booth: 434

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 310

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • Dasher Technologies
    Booth: 212

    Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives.

  • Datec
    Booth: 326

    Datec is a locally owned, leading provider for network and data solutions in the Pacific Northwest. Since 1975 Datec has assisted its enterprise partners with dynamic technology solutions for application availability, power, storage, backup and recovery, mobile, and networking solutions across the IT landscape. Providing data center solutions, LAN, WAN and VPN, application optimization, global availability, IT Cost Visibility, security, compliance and wireless applications as part of our forte.

    Datec is a privately owned value added reseller. Our business is our customers and our strength is our diversely talented staff that serves to be the best in the business.  We stake our reputation on the solutions we bring to you, as well as the leading names behind them to be your partner throughout.

  • DirectDefense
    Booth: 346

    Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

    Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

  • Duo
    Booth: 320

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endace
    Booth: 220

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • ExtraHop
    Booth: 508

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • Fidelis Cybersecurity
    Booth: 312 / OP: 406

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

    By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

  • FireMon
    Booth: 402

    FireMon is the only agile network security policy platform for hybrid cloud enterprises. FireMon delivers persistent network security for multi-cloud environments through a powerful fusion of real-time asset visibility, compliance and automation. Since creating the first-ever network security policy management solution, FireMon has delivered command and control over complex network security infrastructures for more than 1,700 customers located in nearly 70 countries around the world. For more information, visit www.firemon.com.

  • FireEye
    Booth: 424

    FireEye (https://www.fireeye.com/) is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,100 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.

  • Fortinet
    Booth: 232

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Gemalto
    Booth: 418

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • Gigamon
    Booth: 226

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Illusive Networks
    Booth: 340

    Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense ability while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with over 50 years of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.

  • Imperva
    Booth: 408

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • Infoblox
    Booth: 352

    Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.

  • IntSights
    Booth: 426

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • Institute of Internal Auditors (IIA)
    Booth:

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • Washington State InfraGard
    Booth: 338

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State and over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISACA
    Booth: 506

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2
    Booth:

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISSA Puget Sound Chapter
    Booth: 510

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Ixia, a Keysight Business
    Booth: 334

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Janrain
    Booth: 341

    Founded in 2002 in Portland, Oregon, Janrain is the creator of the first customer identity and access management (CIAM) solution. Janrain is also the inventor of social login and a founding member of the OpenID Foundation—establishing many of the digital authentication protocols used globally today. Janrain continues to lead the CIAM market today, with over half of the world’s connected users within its Identity Cloud network.

  • Jask
    Booth: 330

    JASK was founded in 2016 and is headed by industry leaders with decades of experience solving real-world SOC issues.

    With a mission to address the security gaps that restrict security modernization efforts, JASK’s world-class engineering and data science teams apply decades of hands-on experience to drive advancements in autonomous SOC technology.

    Backed by Battery Ventures, Dell Technology Ventures, TenEleven and Vertical Venture Partners, JASK is modernizing SOC operations for companies across the financial services, telecommunications, healthcare and government industries.

  • Juniper
    Booth: 326 / OP: 228

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • Lastline
    Booth: 354

    Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.

  • LogRhythm
    Booth: 428

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Malwarebytes
    Booth: 302

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.

  • Mimecast
    Booth: 324

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • New Tech Seattle
    Booth:

    Seattle’s largest ongoing monthly event with more than 5,600 members. New Tech Seattle is the place where you’ll always make great connections, enjoy great food and drinks, learn about new companies doing cool things, laugh, smile, and have a fun night out. And most importantly, you’ll discover the people, partners, organizations, and resources to help you to build your dreams.

    It’s your community, we just love it and give everyone a place to play together. New Tech Seattle happens on the 2nd or 3rd Tuesday of every month. You can also join us on the 1st or 2nd Tuesday of every month at New Tech Eastside if you spend more time in Kirkland, Bellevue, Redmond, and the surrounding cities.

  • Northwest Tech Alliance (NWTA)
    Booth:

    The Northwest Tech Alliance (NWTA) is an independent technology association dedicated to bringing together some of the brightest minds from the technology industry.
    NWTA events are focused on helping attendees:
    · Network with other technology industry professionals
    · Provide education and information relative to the latest technologies and industry trends
    · Generate opportunities for personal, professional and business growth
    · Promote the Puget Sound area as a desirable place to start and grow successful technology companies
    · Learn about local food/chefs, wineries, breweries, and distilleries
    · Support local businesses and give back to the community
    · Build lifelong relationships

  • Okta
    Booth: 216

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Online Trust Alliance (OTA)
    Booth:

    The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust, while promoting innovation and the vitality of the internet. OTA’s goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.

  • Optiv
    Booth: 400-436, 231-2

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • Palo Alto Networks
    Booth: 306

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

  • Ping Identity
    Booth: 356

    Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences.

  • Pluribus Networks
    Booth: 202

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • Preempt Security
    Booth: 322

    Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach empowers security teams more visibility & control over accounts and privileged access, achieve compliance and auto-resolve incidents. Learn more:  www.preempt.com.

  • Qualys, Inc.
    Booth: 206

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 218

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • SailPoint
    Booth: 416

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SecureAuth
    Booth: 432

    SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogenous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.

  • SentinelOne
    Booth: 332

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Sila Solutions Group
    Booth: 222

    Sila (SEE-la) is a North American technology and management consulting firm that provides lasting and substantial business solutions to the world’s leading corporations and U.S. government agencies. At Sila, we view our clients as partners and actively collaborate with them to shape opportunities to achieve long-term success and make a significant contribution to the world. Our team brings broad and deep experience, global perspective, and entrepreneurial spirit to all client engagements. We share knowledge with our clients and partners, and come together to devise and execute creative, impactful strategies that are one step ahead of the forces shaping the technology landscape. We apply our values to everything we do and focus on building sustainable, trusted relationships.

  • Skybox Security
    Booth: 204

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Splunk
    Booth: 410

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • SSH Communications Security
    Booth: 230

    As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com

  • Spirion
    Booth: 272

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • Symantec
    Booth: 430

    Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.

  • Structured
    Booth: 306

    Structured is an award-winning solution provider delivering secure, cloud-connected digital infrastructure. For nearly 30 years, we’ve helped clients through all phases of digital transformation by securely bridging people, business and technology.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 331

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Thales
    Booth: 328

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • Tools4ever
    Booth: 234

    Tools4ever is one of the largest vendors in Identity Governance & Administration (also known as Identity & Access Management) with more than 5 million managed user accounts.

    Since 1999 Tools4ever has developed and delivered several software solutions and consultancy services such as User Provisioning, Downstream Provisioning, Workflow Management, Employee Self-Service and Access Governance (RBAC). In the area of Password Management, Tools4ever offers Single Sign-On and Self-Service Password Reset among others.

    Tools4ever’s Identity Governance & Administration (IGA) solutions are installed in organizations from various sectors ranging in size from 300 to over 200,000 user accounts.

  • Trend Micro
    Booth: 316

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Trustwave
    Booth: 336

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • Tufin
    Booth: 238

    As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

  • University of Washington
    Booth: 240

    The Office of the Chief Information Security Officer (CISO) promotes a culture of shared responsibility to safeguard personal and institutional data. Services are designed to assist the UW community by monitoring, analyzing, and forecasting threats to information assets, advising on risk management and on contracts related to data security, providing in-person and online education, consulting on incident management, and developing and managing University policies related to information security.

  • Vectra
    Booth: 314

    Vectra® is the leader in hybrid cloud threat detection and response. Vectra’s patented Attack Signal Intelligence detects and prioritizes threats across public cloud, SaaS, identity, and networks in a single platform. Vectra’s Attack Signal Intelligence goes beyond simple anomaly detection to analyze and understand attacker behavior. The resulting high-fidelity signal and deep context enables security operations teams to prioritize, investigate and respond to cyber-attacks in progress sooner and faster. Organizations worldwide rely on the Vectra platform and MDR services to stay ahead of modern cyber-attacks. Visit www.vectra.ai.

  • WhiteHat Security
    Booth: 514 / OP: 231

    Digital life consists of digital experiences, and applications drive these digital experiences. The only way enterprises can truly provide safe digital experiences to their customers, partners, employees and entire ecosystem, is by securing the applications at the heart of their business.

    WhiteHat exists to make this possible. The WhiteHat Application Security Platform enables enterprises to secure their digital businesses. From application creation through production, and from the desktop to mobile devices, we secure the apps that people rely on in their personal and professional lives.

  • WhiteSource
    Booth: 516

    WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast, and many more. For more information, please visit www.WhiteSourceSoftware.com.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Rebecca Herold
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs

    Rebecca Herold has more than 30 years of security, privacy, and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy & Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years. Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: seven and a half years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; two years being a co-author of and a SME member of the team that created the Privacy Framework (PF) and associated documents; and three years as a SME team member, and co-author of the Internet of Things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking apps and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for nine and a half years for the Norwich University MSISA program. Since early 2018, Rebecca has hosted the Voice America podcast/radio show, Data Security & Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Ernie Hayden
    Founder & Principal, 443 Consulting LLC

    Ernie Hayden is the Founder and Principal of 443 Consulting LLC. He holds a CISSP, CEH, GICSP (Gold), and PSP. Ernie's consulting experience includes work on every continent except Antarctica.

  • speaker photo
    Kevin Murphy
    Business Information Security Officer (BISO), T-Mobile USA

    Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, a retired NSA intelligence officer, the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by myself). He holds the CISM, CISSP, CGEIT security certifications.

  • speaker photo
    Scott M. Giordano
    VP, Corporate Privacy, and General Counsel, Spirion

    Scott M. Giordano is an attorney with more than 25 years of legal, technology, and risk management consulting experience. IAPP Fellow, CISSP, CCSP, Scott is also former General Counsel at Spirion LLC, where he specialized in global data protection, tech, compliance, investigations, governance, and risk. Scott is a member of the bar in Washington state, California, and the District of Columbia.

  • speaker photo
    Craig Spiezle
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Craig Spiezle
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Bhuvaneswari Ramkumar
    Engineering Team Lead and Product Owner, GE Digital

    Bhuvana is a product leader in the field of IoT security. She has a decade of experience both in enterprise companies and startups, wearing engineering as well as product hats. In her current leadership avatar, she leads a team that has built and shipped a variety of IIoT security applications.

  • speaker photo
    Eric Wong
    Security Engineer, West, Comodo

    Eric Wong is an experienced security engineer with 15 years in the security industry. He has worked with many different security technologies and F-500 clients over the years, focusing on architecting and deploying secure environments. Eric brings the unique expertise of working on both sides of the isle, from the client-side practitioner role to representing and implementing security technologies. He has a deep understanding and focus on endpoint security and last but not lease, a love for all things with a motor!

  • speaker photo
    Craig Schippers
    Principal Engineer, Trend Micro, Inc.

    Craig Schippers is a CISSP Certified Principal Sales Engineer at Trend Micro. He has worked in the Security Industry for approximately 17 years assisting customers with their Infrastructure Security needs. He lives in the Kettle Falls, WA.

  • speaker photo
    Barbara Endicott-Popovsky
    Executive Director, Center for Information Assurance and Cybersecurity, University of Washington

    Barbara Endicott-Popovsky, Ph.D., is Executive Director of the Center for Information Assurance and Cybersecurity at the University of Washington, recently re-designated by NSA/DHS as a Center of Academic Excellence in Cyber Defense Education, headquartered at UW Bothell, and a Center of Academic Excellence in Research, headquartered at the APL (Applied Physics Lab). She is a Principal Research Scientist at APL; an Affiliate Professor at UW Bothell’s Department of Computer Science and Systems and UW Seattle’s Department of Urban Planning and Management for the Master of Infrastructure Planning and Management, and adjunct faculty at University of Hawaii Manoa’s Department of Information and Computer Science. She was named Department Fellow at Aberyswyth University Wales (2012). Her academic career follows a 20-year career in industry marked by executive and consulting positions in IT architecture and project management.

  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Vanessa Pegueros
    Board Member, Cybersecurity Leader, Angel Investor

    Vanessa is a cybersecurity leader with over 16 years of security experience. She is currently serving on the Board of Carbon Black (CBLK) and BECU. She also is a venture partner with Flying Fish Partners in Seattle. Vanessa formally worked as the CISO at DocuSign and successfully managed through hyper growth and an IPO in 2018. She also was the SVP of Enterprise Security at US Bank, CISO at Expedia, and has held senior level security roles with Washington Mutual, Cingular, and AT&T Wireless. She has held numerous other roles specifically within the wireless arena, including Network Planning, Architecture & Engineering, Technical Sales, and Product Development.

    She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM, and CISSP security certifications, as well as the Certified Information Privacy Professional Europe (CIPP/E) privacy certification.

  • speaker photo
    David Cardwell
    Client Solutions Advisor, Optiv

    David Cardwell is a client solutions advisor in Optiv’s major accounts team. In this role he specializes in aligning information security solutions that enable an organization to meet their current and future goals. David has more than 13 years of experience in information security, ranging from frontline support, consulting, and security architecture. Combining his background in consulting and participation in several subject matter expert groups, he has experience in several environments and solutions deployed for all verticals and needs. David gives clients an unbiased opinion fueled by his honest approach and drive for providing the best solution to a problem.

    David earned an Associates of Applied Science in computer networking from Linn State Technical College, and a Bachelor’s of Science in Information Technology from Central Missouri State University. He has held numerous industry certifications including CISSP, CCNP, and CCDA.

  • speaker photo
    Tyler Tate
    Sr. Systems Engineer, Palo Alto Networks
  • speaker photo
    Aimee Larsen Kirkpatrick
    Global Communications Officer, Global Cyber Alliance

    Aimée Larsen Kirkpatrick is the Global Communications Officer for the Global Cyber Alliance (GCA), where she is responsible for strategic communications for the international nonprofit. Prior to GCA she was President of ALK Strategies, a communication and public affairs consulting practice. Aimée was formerly with the National Cyber Security Alliance (NCSA), where among other programs, she led the development of the successful STOP. THINK. CONNECT public cybersecurity awareness campaign and the San Diego Securing Our eCity Model City project. Aimée was a 2012 Executive Women’s Forum Women of Influence Award recipient. She has a BA from Washington State University.

  • speaker photo
    Wayne Tynes
    Sr. Sales Engineer, Mimecast

    Wayne Tynes is a Sr. Sales Engineer at Mimecast and has been designing solutions on Microsoft’s enterprise software stack for over 20 years, including working for Microsoft as a field sales engineer and SharePoint product manager. Wayne spent 5 years as a Solutions Architect at Avanade and was responsible for their Managed Services business in the Southwestern US. Wayne specializes in providing the type of strategic guidance that clients need when navigating a security landscape that now includes IaaS, PaaS, SaaS and UCaaS options. He has an MIS degree from Florida State University, is a Microsoft Certified Trainer, Microsoft Certified Professional and author of Wiley’s SharePoint Bible as well as other technical publications.

  • speaker photo
    Pratik Lotia
    Security Engineer III, Charter Communications

    Pratik Lotia is a Security Engineer at Charter Communications, responsible for developing new architectures related to firewalls, IDS/IPS, and botnet detection.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Happy Hour
  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Kristopher Dane
    Director of Digital Design, Thornton Tomasetti

    Kristopher is the Director of Digital Design based out of the Seattle office of Thornton Tomasetti, an international structural engineering firm. Kris has 11 years of experience managing teams, administering technology, and developing custom tools to support the design of over 5 million square feet of structures around the world. In collaboration with the CIO, CTO, and business practice leaders, Kris oversees a group of staff guiding the implementation of BIM tools to improve structural workflows and strategic investment in future technology. Kris has also supported the sustainability practice through the development of Passive House Modeling Simulation tools. In his doctoral work at the George Washington University, Kris studied the influence of building geometry on active shooter events and is currently working to incorporate such simulations into the building design process.

    Dr. Dane will present his doctoral research, for which the abstract is as follows:
    Current building standards for protective design focus on a “fortress” approach that does not effectively protect against contemporary attack vectors such as active shooters. Furthermore, these standards provide little guidance to private building owners whose facilities are increasingly targeted by “active shooters.” This study combines the NetLogo agent-based modeling platform with the Autodesk Revit building design software to test key building geometry configurations for their impact on active shooter event casualties. The findings show that overall building geometry has an effect on active shooter casualties and that modifications to interior door alignment and the addition of direct exit doors can reduce the casualties in active shooter events. This research provides guidance to building designers who want to mitigate the risk of active shooter events with their building designs.

  • speaker photo
    Bruce Lobree
    Security & Privacy Information Systems Leader, Philips

    Bruce Lobree has participated in and managed technical security, technical architecture, audit and consulting, teams as a first level manager up to having Global responsibilities at an executive level managing multi-million programs. He has working experience in government, retail, financial, software and utility industries generating cost effective, client focused security solutions, operational models and programs to meet corporate and regulatory requirements. This has included architecting, designing, individually implementing or managing the implementation of physical and logical security systems and controls for reliability and availability. These programs have dealt with implementing various industry standards and regulatory requirements including HIPAA, SOX, PCI, GLBA and ISO 270001 and other National and International control standards. He has also authored books and taught at the University level.

  • speaker photo
    Eric Kapfhammer
    Founder and Executive Director, Metycus

    Eric Kapfhammer is a data scientist at Microsoft, where he focuses on applying statistical and machine learning approaches to computer and network security. Prior to joining Microsoft, Eric spent the previous decade in the quantitative trading space as a Managing Director and Portfolio Manager, leading teams of data scientists and software engineers. He has also worked in software engineering and program management roles at companies such as Starbucks, Expedia, and Boeing. Eric obtained a BA in Business and International Relations from the University of Puget Sound, a MSc in Finance from Seattle University, and is currently pursuing a MSc in Computer Science with a machine learning specialization at the Georgia Institute of Technology.

  • speaker photo
    Ashwin Patil
    Sr. Security Analyst , Microsoft

    Ashwin Patil currently works with Microsoft as Senior Security Analyst in Redmond, WA, with over nine years of Blue Team experience in security monitoring and Incident Response. His core work areas are security analytics, threat hunting using Big Data and SIEM technologies with strong interest in Data Science and Machine Learning to analyze security event data at large scale. He holds various certification such as SANS GCFE, GCIA, and GCIH.

  • speaker photo
    Zubaid Kazmi
    Sr. Manager and IAM Practice Lead, Sila

    Zubaid is a Sr. Manager and Identity and Access Management Practice Lead at Sila. With close to two decades of consulting experience, he has helped Fortune 500 organizations develop Identity and Access Management strategies and solutions. Zubaid has worked with clients across multiple industries, including financial services, telecommunications, transportation, and U.S. federal. He has a strong track record of successful IAM implementations and is a trusted advisor to numerous information security executives.

  • speaker photo
    Cathy Hall
    Sr. Manager and Cybersecurity Architect, Sila Solutions Group

    Cathy is a cybersecurity leader with 18 years of experience providing specialized IT Services to Fortune 500 companies and government agencies, specializing in Identity and Access Management, Information Security, Enterprise Applications and Business Process Management. Cathy brings a unique mix of Federal and Commercial cybersecurity experience, and uses her deep knowledge of NIST and other industry frameworks to drive security architectures.

  • speaker photo
    Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning across Cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring marker and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • speaker photo
    Jake Bernstein, Esq.
    Partner, Data Protection, Privacy & Security Group, K&L Gates LLP

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Zoe Lindsey
    Customer Advocacy, Duo Security

    Zoe Lindsey is Duo Security’s Advocate Manager, where she educates and advises organizations with unique compliance challenges including the healthcare, government, and financial industries on strong security policy and best practices. She has been hooked on tech since getting her first Commodore 64 at age 10, and joined Duo with a background in cellular and medical technology.

  • speaker photo
    Brian Cady
    Principal Enterprise Security Architect, Providence St. Joseph Health

    Brian Cady has been working in the information technology industry for more than 20 years with an exceptionally broad background focusing on security, architecture and future technologies. Brian has held leadership positions for IBM and Microsoft along with banking, airline and gaming companies. He is currently leading the Security Strategy & Architect teams for one of the largest healthcare providers in the country and is pursuing a Master of Science degree in Information Systems Management through the University of Salford in Manchester England.

  • speaker photo
    Anne-Marie Scollay
    CISO, Axiom Law

    As CISO for Axiom Law, Anne-Marie leads the information security strategy for Axiom's products/services, corporation, and governance, risk and compliance (GRC). Prior to joining Axiom, she built out and oversaw the infrastructure and security for a Seattle-based SaaS startup and global multi-nationals. Anne-Marie has a passion for operational excellence and a knack for thinking strategically.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Jenifer Clark, Moderator
    Information Security & Compliance Engineer, Costco Wholesale

    Experienced Information Security Professional with a demonstrated history of working in the retail industry. Skilled in Operations Management, Sales, Management, Point of Sale (POS) / Fuel Systems, and Inventory Control. Strive to find ways information security can enable and support business and operations teams with solutions. Actively support public/private partnerships with local and federal agencies with emphases on infrastructure, cyber security and community outreach.

  • speaker photo
    Moderator: Michael T. Metzler
    Sr. Compliance Officer, CenturyLink Business

    Michael (CISSP, CGEIT, CISM) has over 35 years of industry experience delivering security consulting service internationally in security policy, security risk management, network design, and troubleshooting. He has designed global networks and provided security consultation for many corporations, as well as for U.S. Defense contractors and foreign government agencies. He currently provides Information Assurance Advisory and Consulting Services for CenturyLink Technology Solutions.

  • speaker photo
    Rebecca Herold
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs

    Rebecca Herold has more than 30 years of security, privacy, and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy & Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years. Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: seven and a half years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; two years being a co-author of and a SME member of the team that created the Privacy Framework (PF) and associated documents; and three years as a SME team member, and co-author of the Internet of Things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking apps and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for nine and a half years for the Norwich University MSISA program. Since early 2018, Rebecca has hosted the Voice America podcast/radio show, Data Security & Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com

  • speaker photo
    Eva Benn
    Program Manager 2, Microsoft

    Eva Benn is a Program Manager at Microsoft, responsible for coordinating some of the enterprise’s most critical governance, risk and compliance (GRC) efforts. With over 4 years of consulting experience, Eva brings a strong background GRC and Cyber program development, 3rd party risk management and RSA Archer technology solution enablement. Her expertise in various security domains has earned her multiple well-recognized certifications such as CISSP, CEH and CCSP. Eva is also a Board member of the ISACA Puget Sound Chapter and a repeated speaker at multiple information security and GRC industry events.

  • speaker photo
    Nick Butcher
    Sr. Engineering Program Manager, Security/GRC, Microsoft

    Nick is a senior program manager within the Digital Security and Risk Engineering group at Microsoft, where he is responsible for designing, developing, and deploying GRC (Governance, Risk, and Compliance) automation to support every division at the company. Focused on modernizing existing work efforts and building entirely new processes from the ground up, Nick specializes in breaking down industry silos within Microsoft to derive richer data insights for executive leadership. Nick has been an early member of the Open Compliance & Ethics Group (OCEG) and is a certified Governance, Risk, and Compliance Auditor (GRCA) through the same organization. In addition, Nick was a 2018 RSA Archer Excellence Award recipient and has a BA in Computer Engineering.

  • speaker photo
    Annie Searle
    Associate Teaching Professor, The Information School, University of Washington

    Annie teaches courses on risk management, cybersecurity, and information management at the University of Washington. She is founder and principal of ASA Risk Consultants, a Seattle-based advisory firm. She spent 10 years at Washington Mutual Bank, where for most of those years she chaired the crisis management team.

    Annie is a member of the DHS Cybersecurity and Infrastructure Security Agency (CISA) Region 10 Regional Infrastructure Security Group. She was inducted in 2011 into the Hall of Fame for the International Network of Women in Homeland Security and Emergency Management. She writes a column monthly for ASA News & Notes and is the author of several books or book chapters, most recently "Risk Reconsidered, " a collection of articles and columns published in July 2018. She was a pro bono risk advisor to the Seattle Police Department from 2015-2019, and is a member of the emeritus board of directors for the Seattle Public Library Foundation.

  • speaker photo
    Peter Chestna
    CISO of North America, Checkmarx

    Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.

    Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.

    Pete has been granted three patents. He enjoys whiskey tourism, astronomy model rocketry, and listening to Rush in his spare time.

  • speaker photo
    Alexandra Panaretos
    Americas Lead for Human Cyber Risk and Education, EY

    With a background in broadcasting and operational security, Alex specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. Alex is OPSEC Manager II Certified by the U.S. Army and the Joint Information Operations Warfare Center (JIOWC). She volunteers with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety in her free time.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes