Conference Agenda
  • Wednesday, November 13, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am

    This session is for Advisory Council members only.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - Exercises: The Key to Writing an Effective Response Playbook
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    Developed with funding from the Department of Homeland Security, the DECIDE® platform has been a trusted cybersecurity live exercise solution for more than a decade. The platform’s unmatched combination of needs-based threat scenarios, strategic analytics, and communications mapping has been proven time and again in distributed sector-wide live exercises, organizational trainings, and in smaller board room settings.
    In these 3 training blocks, the facilitator/instructor will guide students to an understanding of basic exercise structure and how to apply it to their own organization, top to bottom, using a distributed, synchronous environment like DECIDE®.

    8:30 am
    What You Know, We Know: How Your PII Isn't Secure Enough to Be Called Personal Anymore
    PhD Cybersecurity Researcher, Secure Societies Institute - University of Huddersfield
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    PII authentication has been used everywhere to authenticate your identity with various service providers, but after a number of data breaches and personal data loss, is it a safe way forward for our next generation? We now have more PII information available online than ever, with social media encouraging the sharing of personal data on a regular basis. Is PII a secure way to authenticate users in the future?
    Check your answers, much like the second-guessing of answers at the end of an exam. Users should be second guessing why providers need their personal information in the first place. If possible, they should change their answers. Providers should consider this PII authentication a void exercise with the amount of information posted online.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
    8:30 am
    The Two Faces of Artificial Intelligence
    Senior Lecturer, University of Washington, The Information School
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Artificial intelligence (AI) has been with us since 1965, when a computer figured out how to beat humans at checkers. AI is now embedded in many commonly used applications. But AI has two faces. We’ll examine a range of AI applications as well as proposed codes of ethics, and government research investments by the U.S. and China.
    8:30 am
    Approaches to Justifying Cybersecurity Spending
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Practical tips and examples for getting your security initiatives approved and funded, whether you’re talking to your manager or the CFO.

     

    8:30 am
    Data Laundering, Exploitation, and Extortion: Time for Ethical AI
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    We are facing seismic change with the convergence of big data and AI. The oceans of information and computing power are providing endless opportunities while challenging the concept of digital dignity. Rather than look at regulatory frameworks, industry needs to be proactive and look at the ethical issues and their long-term impact on society. This session will review ethical frameworks, including the need to respect human autonomy, prevent asymmetries of power, be able to undo unintended harm, and address unintended biases. These technologies show great promise, but only if they are applied and used within societal values and norms and developed with an “ethical purpose.” They need to be grounded in and reflective of the ethical principles of beneficence (do good) and non-maleficence (do no harm).

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Cyber-Enabled Financial Fraud Investigator, U.S. Secret Service / Firebird AST
    Registration Level:
    • Open Sessions
    9:30 am - 10:30 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:30 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:30 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm

    This session is for Advisory Council members only.

    11:15 am
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decisionmakers think about the risks involved in working with them? A panel of CISOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    11:15 am
    [Trend Micro] XDR and Closing the Gap on Disparate EDR Approaches
    Principal Engineer, Trend Micro, Inc.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Endpoint Detection and Response (EDR) alone has failed to provide a complete painting of the attack surface. Although EDR has provided a partial understanding of the “ones that got away,” using it as the single source of truth has limited the scope of investigation and left some pieces still in the dark. By drawing from all layers of an infrastructure, not just the security tools, a richer set of data can be gathered and the canvas can be closer to the truth. Join us for this interactive discussion.

    Much like an enhanced SIEM tool drawing from all elements on a network, we can think of XDR as helping us get one step closer to an accurate view.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

     

    11:15 am
    [Panel] Women in Security: Looking to the Future
    Senior Lecturer, University of Washington, The Information School
    CISO, f5
    Venture Investor, Former CISO at: DocuSign, US Bank & Expedia
    Institutional Privacy Officer and former UW Associate CISO, University of Washington
    Cybersecurity & Data Privacy Attorney, Newman Du Wors LLP
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Moderated by risk and security expert Annie Searle, the session features three panelists who each have long careers in cybersecurity, and who will discuss such questions as:
    • When hiring a security practitioner or leader on your team, what characteristics or traits do you look for?
    • What should women who are thinking of getting into a cybersecurity role know about working in a male-dominated field?
    • What misconceptions do you think that people have about being in the information security field?
    • What are you reading?
    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    The U.S. legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever-evolving and changing technologies. In the past year, state and federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placing more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the state and federal level, and discuss how companies should prepare to meet these evolving obligations.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] 7 Ways To Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Emmy-Winning Journalist, SecureWorld
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: You Got Burned, Now What? (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    [Panel] Securing Your Supply Chain & Infrastructure: A Huawei Case Study and Lessons Learned
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    Chief Security Officer, Huawei Technologies
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm

    Increased reliance on new technologies introduces new threats into an ecosystem and supply chains. Key tenets include embracing security by design, use of risk-based decision models and sharing threat intelligence data. Every solution introduces risks, which can only be mitigated by applying stringent criteria to all devices and services. The core question is not if a single device, application or service develops a vulnerability, but how transparent each vendor is and how quickly they patch vulnerabilities. The panel will discuss the recent review of Huawei technologies and how the lessons learned can be applied to every enterprise, including best practices advocated by NIST, NTIA, and others.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    Communicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad Outcomes
    Director, Risk Science, FAIR Institute
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Communicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want. This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.

    3:00 pm
    Bias in AI: The Risk and the Reality
    Principal Enterprise Security Architect, Providence St. Joseph Health
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Bias generates risk in all AI systems, but how serious is the problem? This session will help answer the following questions:
    •  What is AI bias, and how prevalent is it in current systems?
    •  Do we need to reduce the impact of bias?
    •  If we want to reduce AI bias, how do we even start?

     

    3:00 pm
    The New "Colder" War: Cybersecurity Threats Against Consumer Privacy and Our Democratic Institutions
    Lieutenant Colonel, US Air Force (Ret)
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Modern cybersecurity threats have evolved into very effective disinformation campaigns based on what they know about you. What can we collectively do to protect our consumers and our democratic institutions that we rely upon? Hint: the solution is more than just technology.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    3:00 pm
    SecureWorld PLUS Part 2 - Exercises: The Key to Writing an Effective Response Playbook
    SecureWorld PLUS Registrants ONLY
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Developed with funding from the Department of Homeland Security, the DECIDE® platform has been a trusted cybersecurity live exercise solution for more than a decade. The platform’s unmatched combination of needs-based threat scenarios, strategic analytics, and communications mapping has been proven time and again in distributed sector-wide live exercises, organizational trainings, and in smaller board room settings.
    In these 3 training blocks, the facilitator/instructor will guide students to an understanding of basic exercise structure and how to apply it to their own organization, top to bottom, using a distributed, synchronous environment like DECIDE®.
  • Thursday, November 14, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 3 - Exercises: The Key to Writing an Effective Response Playbook
    SecureWorld PLUS Registrants ONLY
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    Developed with funding from the Department of Homeland Security, the DECIDE® platform has been a trusted cybersecurity live exercise solution for more than a decade. The platform’s unmatched combination of needs-based threat scenarios, strategic analytics, and communications mapping has been proven time and again in distributed sector-wide live exercises, organizational trainings, and in smaller board room settings.
    In these 3 training blocks, the facilitator/instructor will guide students to an understanding of basic exercise structure and how to apply it to their own organization, top to bottom, using a distributed, synchronous environment like DECIDE®.

    8:30 am
    Human Resilience in Our Cybersecurity Culture
    President, DuHart Consulting
    Principal Cybersecurity Architect, DuHart Consulting
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    As employers struggle to attract and retain cybersecurity personnel, it is important to note that employees need to feel appreciated. Employees also need to understand how to work through the stress associated with this environment. Utilizing this presentation as a springboard to greater understanding from both sides of management, one will walk away with an understanding of:
    •  What is stress?
    •  What are IT soft skills?
    •  How managing stress and practicing soft skills impact organizational culture
    •  How stress, soft skills, and culture have a direct impact on the talent gap
    •  Avoiding burnout
    Presentation Level: GENERAL
    (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    PCI’s Evolving Approach to Address NextGen Threats
    Chief Technology Officer, PCI Security Standards Council
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Don’t miss this session for a look into the evolution of payments and security standards. Hear about some opportunities and challenges that have been created by the innovations in technology. This session will also cover how PCI SSC is addressing these changes and how you can help.
    Note: Tools include people (e.g. ISA/QIR), process (DSE, DSS), and technology (P2PE, SPOC, Contactless).
    8:30 am
    Zero Trust: The Elements of Strategy
    Strategist, MiSec Community
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Philosophies for securing technology have crashed over our industry in waves. Capability-based security locked down IT (except when it didn’t). Risk-based security prioritized efforts and focused us on securing the business (when people listen). Threat-centric security cleared everything up by explaining what the bad guys were doing (with file hashes and IP addresses). Following these less-than-successful philosophies, trust-centric security has entered the scene. This session will cover zero-trust strategies and highlight case studies of organizations leveraging zero-trust to align and coordinate tactics. Trust is neither binary nor permanent, and neither is real-world security.

    8:30 am
    How to Leverage Leadership Style to Improve Your Security Posture
    Sr. Manager, Information Security and Compliance, AAA Washington
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Noncompliance with information security policies and standards remains the primary root cause of breaches for organizations in the United States. There are many considerations and challenges to improving employee behavior in the use of IT resources, data, and technology. The style of leadership demonstrated by an organization may be one of the more important facets. This presentation demonstrates the solid connection between leadership style and employee compliance with information security policies in organizations.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] How to Manage Your Own Career to Get to the Top
    Former CIO, The White House
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm

    This session is for Advisory Council members only.

    11:00 am
    Cloud Security Alliance Meeting and Presentation - Open to all Attendees
    Presentation: Threat Modeling 2019
    Leading Expert on Threat Modeling, Shostack & Associates
    Registration Level:
    • Open Sessions
    11:00 am - 12:00 pm

    Interested in your local associations? Join Cloud Security Alliance (CSA) for a chapter meeting and guest presentation.
    Presenting: Attacks always get better, so your threat modeling needs to evolve. Learn what’s new and important in threat modeling in 2019. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats at the human layer. Take home actionable ways to ensure your security engineering is up to date.

    11:15 am
    Applying the Scientific Method to Cybersecurity Event Analysis
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    What is one of the biggest frustrations when analyzing a cybersecurity event? To me, it is a simple frustration of not knowing where to go next with my investigation. I find that it is easy to trail down what we like to call “rabbit holes.” These rabbit holes may not lead anywhere, which is fine. However, it is frustrating when you are deep in a rabbit hole and end up at a cross tunnel not knowing which way to go next or where you just came from.
    By applying the scientific method to our analysis we are able to better organize our thought process, focus on where we should go next, and where we have already been in the investigation that took us to a dead-end. The scientific method can be used for even the simplest adverse cybersecurity events, as well as complex cybersecurity incidents.
    11:15 am
    Reporting to the Board: the NACD Cyber-Risk Oversight Handbook
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    The National Association of Corporate Directors (NACD) has published guidance to its members on what to ask company CISOs to get an understanding of the security of the organization they have oversight responsibilities for. NACD trains board members, but who trains the CISOs? This presentation is a primer on the NACD Cyber-Risk Oversight Handbook, and it has some help for the CISO who gets on the Board of Directors Hot Seat.
    11:15 am
    7 Ways to Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Grow your personal influence and your leadership possibilities, and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist, the session shares a framework for powerful communication you can implement immediately.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] Radware: Game of Threats
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Do you really know who the real cyberattackers are in today’s landscape? Every day we hear about names, techniques, hacktivists, and new tools which are ransacking businesses and organizations worldwide. However, do you understand how these relate to each other and which of these vectors are the most heinous? This presentation reveals a fascinating topic of how everything from hacking tools and patriotic hackers, to cyber cartels and DDoS vectors relate to one another, placing everything into context. In fact, this presentation will allow for a detailed understanding of 52 different attack types and categories to be aware of and comprehend. You will take away the notion of how varied each attack vector is and how many categories exist in the world of cyberattacks.

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Beyond the Security Awareness Check Box
    Director of Learning, Kalles Group
    Sr. Training Consultant, Kalles Group
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    It’s time to move beyond the “Awareness” messaging campaigns and the annual compliance training check box. Employees need to take the next step and act on the knowledge that is constantly pushed out to them. A solid Security Awareness program needs to include opportunities for learners to build their skills as well as practice those skills in realistic scenarios. This session will provide an overview of ways to think beyond doing an annual compliance eLearning and focus on providing on-going learning opportunities that are timely and relevant.
    3:00 pm
    Role of Information Risk and Compliance in Digital Healthcare
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Information technology is becoming a core part of healthcare with new technology innovation. Developing risk and compliance strategy and guidance is challenging.
    This presentation focuses on some of the key attributes to take into consideration when creating an IT GRC model to ensure the safety, privacy, and security of patients. Some of the attributes include:
    – Data as the center point and focus of building the GRC model
    – Data classification based on its risk and impact
    – Thinking through a data lifecycle approach to attain a detailed understanding of data and its impact
    3:00 pm
    Addressing the Talent Gap in Secure Systems Engineering
    Director of Cybersecurity, GE Healthcare
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    To get out of perpetual reaction mode, we need more professionals with systems engineering experience to provide proactive, preventative security expertise. Those are the rarest of the rare in a field of talent often described as having negative unemployment. The panel will discuss the skills gap, how to find the talent that’s already there, and ways to develop more.
    Presentation Level: MANAGERIAL (security and business leaders)

    3:00 pm
    The Other Insider Threat
    CISO, Axiom Law
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    There’s a lot of talk about the malicious insider, but not as much about the unintentional insider. Whether it’s employees using personal software to simply get the job done or teams selecting and expensing unauthorized software, company information assets are increasingly difficult to manage. The cloud has brought many great things with it, but it has also created a new form of shadow IT that has the potential for much more devastating consequences than ever before.
    Attend this session to learn:
    • what unintentional insider threat looks like
    • first-hand examples of unintentional insider behavior
    • strategies for identifying and managing the other insider threat
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

Exhibitors
  • Alert Logic

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • ARMA NW Region

    THIS IS YOUR ARMA! The Association of Records Managers and Administrators (ARMA) is the leading international not-for-profit association for Records Management and Information Governance, comprised of approximately 27,000 professionals in this field with chapters across the US, Canada, and internationally. Do you need guidance on records policy, compliance, and operations? We are here to help connect you with local professionals for networking, educational sessions, vendor contacts, meet-ups, and collaboration.

    Bellevue Eastside Chapter
    The Bellevue Chapter serves the greater eastside members providing opportunities for RIM professionals to connect and collaborate. RIM and IG areas include Utilities, Legal, Medical, Banking, Software, Engineering, Government, Energy, and Telecommunications.

  • Bitglass

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • Bugcrowd Inc.

    By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities before the adversaries do.

  • CISO Ventures

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cisco

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cloud Security Alliance Seattle

    The Greater Seattle Chapter of the Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing in the Pacific Northwest, and provide education on the uses of Cloud Computing to help service providers and customers be secure in the Cloud.

    The Greater Seattle Chapter began in late 2010, led by Vivek Bhatnagar and Marc Pinotti, with our first Chapter Meeting held March 24th, 2011. Our membership since then has grown to include corporate sponsors and over 1100 executive and senior level security, compliance, and IT professionals from throughout the entire Pacific Northwest, Western Canada, and Alaska.

    The Chapter provides a venue for our Members to network, share ideas and research, as well as educational opportunities through quarterly seminars and monthly Chapter meetings that feature presentations by industry experts about Cloud issues, security, and technology.

  • Cobalt.io

    At Cobalt, we use a combination of data, technology and talent to meet the security challenges of the modern web or mobile application, and ensure we provide the smartest, most efficient services possible. From Cobalt Central, our powerful vulnerability dashboard, to Cobalt Insights, which gives you an intelligent overview of your application security program, we are driven by great technology.

  • CTIN

    CTIN has been providing high tech crime fighting training since 1996 in the areas of high-tech security, investigation, and prosecution of high-tech crimes for both private and public sector security and investigative personnel and prosecutors. CTIN sponsors training from experts world-wide for the benefit of private organizations and law enforcement agencies.

  • EC-Council

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Fidelis Cybersecurity

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy. For more information, go to www.fidelissecurity.com.

  • Institute of Internal Auditors (IIA)

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • InfraGard – Evergreen / WA chapter

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State, with over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISACA

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • (ISC)2

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™.

  • ISSA Puget Sound Chapter

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Ixia, a Keysight Business

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Lockpath

    Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes enabling customers a straightforward approach to identify, understand, manage and report on risk.

  • Malwarebytes

    Malwarebytes provides anti-malware and anti-exploit software designed to protect users against zero-day threats that consistently escape detection by traditional endpoint security solutions. Malwarebytes Anti-Malware earned an “Outstanding” rating by CNET editors, is a PCMag.com Editor’s Choice, and was the only security software to earn a perfect malware remediation score from AV-TEST.org. That’s why large Enterprise businesses worldwide, including Disney, Dole, and Samsung, trust Malwarebytes to protect their mission-critical data. For more information visit www.malwarebytes.com/business

  • Mimecast

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • nCipher

    nCipher Security, a leader in the hardware security module (HSM) market, empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications, IoT, blockchain and digital payments.

  • New Tech Seattle

    Seattle’s largest ongoing monthly event with more than 5,600 members. New Tech Seattle is the place where you’ll always make great connections, enjoy great food and drinks, learn about new companies doing cool things, laugh, smile, and have a fun night out. And most importantly, you’ll discover the people, partners, organizations, and resources to help you to build your dreams.

    It’s your community, we just love it and give everyone a place to play together. New Tech Seattle happens on the 2nd or 3rd Tuesday of every month. You can also join us on the 1st or 2nd Tuesday of every month at New Tech Eastside if you spend more time in Kirkland, Bellevue, Redmond, and the surrounding cities.

  • Northwest Tech Alliance (NWTA)

    The Northwest Tech Alliance (NWTA) is an independent technology association dedicated to bringing together some of the brightest minds from the technology industry.
    NWTA events are focused on helping attendees:
    · Network with other technology industry professionals
    · Provide education and information relative to the latest technologies and industry trends
    · Generate opportunities for personal, professional and business growth
    · Promote the Puget Sound area as a desirable place to start and grow successful technology companies
    · Learn about local food/chefs, wineries, breweries, and distilleries
    · Support local businesses and give back to the community
    · Build lifelong relationships

  • OneTrust

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • Online Trust Alliance (OTA)

    The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust, while promoting innovation and the vitality of the internet. OTA’s goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.

  • ProcessUnity

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Qualys, Inc.

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • RedSeal

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • Spirion

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Thales e-Security

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • Trend Micro

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Trustwave

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • University of Washington

    The Office of the Chief Information Security Officer (CISO) promotes a culture of shared responsibility to safeguard personal and institutional data. Services are designed to assist the UW community by monitoring, analyzing, and forecasting threats to information assets, advising on risk management and on contracts related to data security, providing in-person and online education, consulting on incident management, and developing and managing University policies related to information security.

Keynote Speakers
Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Gene Kingsley
    Director of Security Operations, Massachusetts Advanced Secure Technologies

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

  • Tom Muehleisen
    Director of Cyber Operations, Norwich University Applied Research Institutes

    Tom Muehleisen, CISSP and Retired Army Lieutenant Colonel, is a proven leader in cybersecurity. He is currently the Director of Cyber Operations for NUARI, a non-profit focused on improving our nation’s cybersecurity. He has a rich emergency management background as a National Guardsman, ranging from fighting fires to writing Washington State’s cyber response plan. After retiring from the military, he continued his efforts to secure Critical Functions and Community Lifelines through education, outreach and exercises. His experiences as a senior leader in Army Information Operations give him a particularly deep view of adversary motivations, which he brings to the classroom.

  • Abigail McAlpine
    PhD Cybersecurity Researcher, Secure Societies Institute - University of Huddersfield

    Abigail McAlpine is a CyberSecurity Researcher at the Secure Societies Institute at the University of Huddersfield. Her research is specialised in PII data published on digital systems that leads users to become vulnerable to a number of threats to their identity and safety long-term.

  • Annie Searle
    Senior Lecturer, University of Washington, The Information School

    Annie Searle is a senior lecturer at the University of Washington’s School of Information, where she teaches courses on risk management, cybersecurity, and information management. She is a lifetime member of The Institute of American Entrepreneurs, and was inducted in 2011 into the Hall of Fame for the International Network of Women in Homeland Security and Emergency Management. She writes a column monthly for ASA News & Notes, and is the author of several books or book chapters, most recently "Risk Reconsidered," a collection of articles and columns published in July 2018. She is also principal of ASA Risk Consultants, a Seattle-based firm. Searle is a pro bono advisor to the Seattle Police Department, and a member of the board of directors of the Seattle Public Library Foundation. Searle spent ten years at Washington Mutual Bank where for most of those years she chaired the crisis management team.

  • Craig Spiezle
    Founder & Managing Director, AgeLight Digital Trust Advisory Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security, promoting ethical privacy practices, end-to-end security and the importance of moving from a compliance mindset to stewardship. Craig is the Chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers, driving awareness of best practices by both the public and private sectors and the importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • Stephen Dougherty
    Cyber-Enabled Financial Fraud Investigator, U.S. Secret Service / Firebird AST

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Craig Schippers
    Principal Engineer, Trend Micro, Inc.

    Craig Schippers is a CISSP Certified Principal Sales Engineer at Trend Micro. He has worked in the Security Industry for approximately 17 years assisting customers with their Infrastructure Security needs. He lives in Kettle Falls, WA.

  • Mary Gardner
    CISO, F5

    Mary Gardner’s background provides a wealth of security, compliance, and risk management expertise from a variety of industries, including healthcare, finance, and transportation/logistics. She joined F5 as chief information security officer (CISO) from Seattle Children’s, where she served as CISO. She has also held security leadership positions at Fred Hutchinson Cancer Research Center, Port of Seattle, JPMorgan Chase, and Washington Mutual.
    Gardner holds a B.S. from Trinity University. She is also a Certified Information Systems Security Professional (CISSP) and member of the Executive Women’s Forum. Gardner is based in Seattle at F5’s corporate headquarters.

  • Vanessa Pegueros
    Venture Investor, Former CISO at: DocuSign, US Bank & Expedia

    Vanessa is a CyberSecurity leader with over 16 years of security experience. She is currently serving on the Board of Carbon Black (CBLK) and BECU. She also is a venture partner with Flying Fish Partners in Seattle. Vanessa formerly worked as the CISO at DocuSign and successfully managed through hyper growth and an IPO in 2018. She also was the SVP of Enterprise Security at US Bank, CISO at Expedia and has held senior level security roles with Washington Mutual, Cingular and AT&T Wireless. She has held numerous other roles specifically within the wireless arena including Network Planning, Architecture & Engineering, Technical Sales, and Product Development. She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM, and CISSP security certifications as well as the Certified Information Privacy Professional Europe (CIPP/E) privacy certification.

  • Ann Nagel
    Institutional Privacy Officer and former UW Associate CISO, University of Washington

    Ann Nagel is the Associate Vice Provost for Privacy, University Privacy Officer, and European Union General Data Protection Officer for the University of Washington (UW). She is responsible for developing a cohesive strategy for the humanitarian and legal aspects of privacy across the UW. To help ensure privacy is included in the design of the UW’s systems and services she collaborates closely with other individuals at the UW who have responsibility for managing and/or protecting personal data. Prior to her privacy role she was the Associate Chief Information Security Officer at the UW with responsibilities for policy, advising, education, incident management, and security-focused software development. She has also held consulting, auditing, and project management related positions.

  • Melissa Van Buhler
    Cybersecurity & Data Privacy Attorney, Newman Du Wors LLP

    Melissa’s legal practice focuses on cybersecurity, privacy, and regulatory compliance. Her key strength is helping organizations achieve cyber resiliency through legal and regulatory compliance.

    Before joining Newman Du Wors in 2018, she served more than 15 years as a Judge Advocate General officer in the United States Army where she supported top-secret operations at the National Security Agency (NSA), United States Cyber Command, and United States Army Special Operations Command. During her tenure, Melissa gained unique insights into worldwide vulnerabilities to cyberattacks and helped develop best practices to combat them. She advised on the complex lifecycle of intelligence data collection from origination, use and sharing within and among intelligence agencies. Her data privacy expertise grew from advising on federal rules and regulations surrounding the robust oversight of intelligence activities, particularly in the complex world of signals intelligence.

    Melissa earned a master of laws in Information Technology & Intellectual Property from University of Colorado, Boulder in between assignments with intelligence organizations. She is also a combat veteran of Operation Iraqi Freedom having served one year with the 4th Infantry Division in Taji, Iraq, from 2005-2006.

  • Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a Women-Owned boutique law firm. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the General Data Protection Regulation (GDPR). Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • Bruce Sussman
    Emmy-Winning Journalist, SecureWorld

    Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

  • Andy Purdy
    Chief Security Officer, Huawei Technologies

    Andy is Chief Security Officer for Huawei Technologies USA, overseeing Huawei USA's cybersecurity assurance program and supporting Huawei’s global assurance program. Andy is the Huawei global lead for the East-West Institute Global Cooperation in Cyberspace Initiative and serves on the Steering Committee of The Open Group Trusted Technology Forum, which developed the Open Trusted Technology Provider Standard (O-TTPS), recognized as ISO/IEC 20243.

    Andy was the senior cybersecurity official of the U.S. Government from 2004-2006. Prior to joining the Department of Homeland Security, Andy was a member of the White House staff where he helped to draft the U.S. National Strategy to Secure Cyberspace (2003), after which he went to the Department of Homeland Security (DHS) where he helped to form and then led the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT).

  • Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

  • Brian Cady
    Principal Enterprise Security Architect, Providence St. Joseph Health

    Brian Cady has been working in the information technology industry for more than 20 years with an exceptionally broad background focusing on security, architecture and future technologies. Brian has held leadership positions for IBM and Microsoft along with banking, airline and gaming companies. He is currently leading the Security Strategy & Architect teams for one of the largest healthcare providers in the country and is pursuing a Master of Science degree in Information Systems Management through the University of Salford in Manchester, England.

  • Kevin J. Murphy
    Lieutenant Colonel, US Air Force (Ret)

    Kevin was the VP of Cybersecurity Operations and Governance at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the following security certifications: CISM, CISSP, CGEIT.

  • Samantha Dutton
    President, DuHart Consulting

    Dr. Samantha Dutton is the President of DuHart Consulting where she works with her husband in addressing cybersecurity business needs, as it impacts the human factor. She is also an Associate Dean and the Director of the Social Work Program in the College of Social and Behavioral Sciences at the University of Phoenix. She is a Licensed Clinical Social Worker and holds a PhD in Social Work and Social Research. Dr. Dutton served over 25 years in the United States Air Force, retiring as Lieutenant Colonel. She held positions of Deputy Commander of Medical Operations at Mike O’Callaghan Military Medical Center as well as the Medical Squadron at Joint Base Lewis-McChord. She also commanded the Mental Health Clinic at Nellis Air Force Base. She has been the recipient of numerous Air Force level awards and was deployed in support of Operation Iraqi Freedom and Operation Enduring Freedom where she was the lone mental health practitioner for 2500 personnel. Dr. Dutton’s passions include military transition, single parents serving in the military and ensuring veterans have access to services. She has recently embarked on a venture with her husband to address the needs of the cybersecurity profession. She has presented in different forums surrounding these passions as well as publishing an article on single parents in the Air Force. Dr. Dutton created the military social work curriculum for an online institution where she brought real world experience and research to the program. Dr. Dutton is married and has 4 children and a granddaughter.

  • Andrew Dutton
    Principal Cybersecurity Architect, DuHart Consulting

    Andrew Dutton is a leader in the cybersecurity industry with DuHart Consulting as the Principal Cybersecurity Architect. In previous roles, he has designed, implemented and overseen program development, control adoption, and strategic planning. He has developed programs for multiple organizations and excels at using a risk-based approach to ensure organizations have implemented the most effective solutions and processes. He implements cybersecurity into processes and not as a separate silo. Building a cybersecurity culture is a key fundamental for any program. Andrew has advanced expertise in the security and compliance space, including NIST, CIS, COBIT, ISO, ITIL, HIPAA, and other frameworks and programs in the IT strategic and tactical processes. He brings a street smart approach to intricate business problems in order to find secure solutions. He is also committed to developing human resources to get the job done.

  • Troy Leach
    Chief Technology Officer, PCI Security Standards Council

    Troy Leach is the Chief Technology Officer for the PCI Security Standards Council. In his role, Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and holds advanced degrees from Syracuse University in network management and information security.

  • Wolfgang Goerlich
    Strategist, MiSec Community

    J Wolfgang Goerlich is an active part of the Michigan security community. He hosts a YouTube video series and the Encode/Decode Security Podcast. Wolfgang regularly advises on and presents on the topics of risk management, incident response, business continuity, secure development life cycles, and more.

  • William Lidster
    Sr. Manager, Information Security and Compliance, AAA Washington

    Dr. William Lidster has more than 25 years of experience in IT and information security leadership in government, retail, insurance, finance, healthcare, and the utility industries. He received his PhD in Information Security and Assurance from Capella University and has published in IEEE and other professional journals. Dr. Lidster focuses his research on leadership and culture in organizations and the impact those have on cybersecurity capabilities in organizations.

  • Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and a half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • Adam Shostack
    Leading Expert on Threat Modeling, Shostack & Associates

    Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

  • Jeanette Rogers
    Director of Learning, Kalles Group

    Jeanette Rogers is the Director of Learning at Kalles Group, helping companies build world-class security awareness and training solutions. She has over a decade of experience in design, development, and delivery of global corporate technology-based programs and holds a Master's degree from Stanford University.

  • Sonja Torseth
    Sr. Training Consultant, Kalles Group

    Sonja Torseth is a Senior Training Consultant at Kalles Group. She designs communications strategy and learning experiences with a sharp focus on end-goals: to affect staff behavior change, especially for security risk mitigation. She has more than 10 years’ experience in communications, learning design, and project delivery, and holds a B.S. degree from Texas Tech University.

  • Matthew Clapham
    Director of Cybersecurity, GE Healthcare

    Matt Clapham is a Director of Cybersecurity at GE Healthcare. He and his team make products more secure.

  • Anne-Marie Scollay
    CISO, Axiom Law

    As CISO for Axiom Law, Anne-Marie leads the information security strategy for Axiom's products/services, corporation, and governance, risk and compliance (GRC). Prior to joining Axiom, she built out and oversaw the infrastructure and security for a Seattle-based SaaS startup and global multi-nationals. Anne-Marie has a passion for operational excellence and a knack for thinking strategically.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!