Conference Agenda
  • Wednesday, November 13, 2019
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am

    This session is for Advisory Council members only.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson served as CISO for the UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - Exercises: The Key to Writing an Effective Response Playbook
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    Developed with funding from the Department of Homeland Security, the DECIDE® platform has been a trusted cybersecurity live exercise solution for more than a decade. The platform’s unmatched combination of needs-based threat scenarios, strategic analytics, and communications mapping has been proven time and again in distributed sector-wide live exercises, organizational trainings, and in smaller board room settings.
    In these 3 training blocks, the facilitator/instructor will guide students to an understanding of basic exercise structure and how to apply it to their own organization, top to bottom, using a distributed, synchronous environment like DECIDE®.

    8:30 am
    What You Know, We Know: How Your PII Isn't Secure Enough to Be Called Personal Anymore
    PhD Cybersecurity Researcher, Secure Societies Institute - University of Huddersfield
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    PII authentication has been used everywhere to authenticate your identity with various service providers, but after a number of data breaches and personal data loss, is it a safe way forward for our next generation? We now have more PII information available online than ever, with social media encouraging the sharing of personal data on a regular basis. Is PII a secure way to authenticate users in the future?
    Check your answers, much like the second-guessing of answers at the end of an exam. Users should be second-guessing why providers need their personal information in the first place. If possible, they should change their answers. Providers should consider this PII authentication a void exercise with the amount of information posted online.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
    8:30 am
    The New "Colder" War: Cybersecurity Threats Against Consumer Privacy and Our Democratic Institutions
    Lieutenant Colonel, US Air Force (Ret)
    Registration Level: Conference Pass
    8:30 am - 9:15 am

    Modern cybersecurity threats have evolved into very effective disinformation campaigns based on what they know about you. What can we collectively do to protect our consumers and our democratic institutions that we rely upon? Hint: the solution is more than just technology.

    8:30 am
    The Two Faces of Artificial Intelligence
    Senior Lecturer, University of Washington, The Information School
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Artificial intelligence (AI) has been with us since 1965, when a computer figured out how to beat humans at checkers. AI is now embedded in many commonly used applications. But AI has two faces. We’ll examine a range of AI applications as well as proposed codes of ethics, and government research investments by the U.S. and China.
    8:30 am
    Approaches to Justifying Cybersecurity Spending
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Practical tips and examples for getting your security initiatives approved and funded, whether you’re talking to your manager or the CFO.

     

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, United States Secret Service
    Registration Level: Open Sessions
    9:30 am - 10:30 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:30 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:30 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm

    This session is for Advisory Council members only.

    11:15 am
    Data Laundering, Exploitation, and Extortion: Time for Ethical AI
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    Registration Level: Conference Pass
    11:15 am - 12:00 pm

    We are facing seismic change with the convergence of big data and AI. The oceans of information and computing power are providing endless opportunities while challenging the concept of digital dignity. Rather than look at regulatory frameworks, industry needs to be proactive and look at the ethical issues and their long-term impact on society. This session will review ethical frameworks including the need to respect human autonomy, prevent asymmetries of power and ability to undo unintended harm and address unintended biases. These technologies show great promise, but only if they are applied and used within societal values and norms and developed with an “ethical purpose.” They need to be grounded in and reflective of the ethical principles of beneficence (do good) and non-maleficence (do no harm).

    11:15 am
    [Trend Micro] XDR and Closing the Gap on Disparate EDR Approaches
    Principal Engineer, Trend Micro, Inc.
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Endpoint Detection and Response (EDR) alone has failed to provide a complete painting of the attack surface. Although EDR has provided a partial understanding of the “ones that got away,” using it as the single source of truth has limited the scope of investigation and left some pieces still in the dark. By drawing from all layers of an infrastructure, not just the security tools, a richer set of data can be gathered and the canvas can be closer to the truth. Join us for this interactive discussion.

    Much like an enhanced SIEM tool drawing from all elements on a network, we can think of XDR as helping us get one step closer to an accurate view.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

     

    11:15 am
    [Panel] Women in Security: Looking to the Future
    Senior Lecturer, University of Washington, The Information School
    CISO, f5
    Venture Investor, Former CISO at: DocuSign, US Bank & Expedia
    Institutional Privacy Officer and former UW Associate CISO, University of Washington
    Cybersecurity & Data Privacy Attorney, Newman Du Wors LLP
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Moderated by risk and security expert Annie Searle, the session features three panelists who each have long careers in cybersecurity, and who will discuss such questions as:
    • When hiring a security practitioner or leader on your team, what characteristics or traits do you look for?
    • What should women who are thinking of getting into a cybersecurity role know about working in a male-dominated field?
    • What misconceptions do you think that people have about being in the information security field?
    • What are you reading?
    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level: Open Sessions
    11:15 am - 12:00 pm

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] 7 Ways To Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Emmy-Winning Journalist, SecureWorld
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Grow your personal influence and your leadership possibilities, and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: You Got Burned, Now What? (Incident Response)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decisionmakers think about the risks involved in working with them? A panel of CISOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    Communicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad Outcomes
    Director, Risk Science, FAIR Institute
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm

    Communicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want. This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.

    3:00 pm
    Bias in AI: The Risk and the Reality
    Principal Enterprise Security Architect, Providence St. Joseph Health
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Bias generates risk in all AI systems, but how serious is the problem? This session will help answer the following questions:
    •  What is AI bias, and how prevalent is it in current systems?
    •  Do we need to reduce the impact of bias?
    •  If we want to reduce AI bias, how do we even start?

     

    3:00 pm
    [Avanan] How Hackers Bypass Email Security: An Attack Guide for the Uninitiated
    Chief Marketing Officer, Avanan
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm

    The scale of email migration to the cloud requires a strategic shift in security for collaboration suites. The Office 365 inbox and user credentials are the #1 target for hackers. 90% of breaches start with email and the security incident orchestration, automation and response workload drains resources from the SOC team. Sharing insights from research, Michael will demonstrate the techniques attackers use to bypass Microsoft’s defenses, fool filters, and launch attacks.
    We will discuss how CISOs have started to adopt a continuous adaptive risk and trust assessment mindset to protect inboxes from the evolving threats including phishing, account takeover and business email compromise.

     

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm

    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm


    3:00 pm
    SecureWorld PLUS Part 2 - Exercises: The Key to Writing an Effective Response Playbook
    SecureWorld PLUS Registrants ONLY
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
  • Thursday, November 14, 2019
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am


    8:00 am
    SecureWorld PLUS Part 3 - Exercises: The Key to Writing an Effective Response Playbook
    SecureWorld PLUS Registrants ONLY
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am


    8:30 am
    Human Resilience in Our Cybersecurity Culture
    President, DuHart Consulting
    Principal Cybersecurity Architect, DuHart Consulting
    Registration Level: Conference Pass
    8:30 am - 9:15 am

    As employers struggle to attract and retain cybersecurity personnel, it is important to note that employees need to feel appreciated. Employees also need to understand how to work through the stress associated with this environment. Using this presentation as a springboard to greater understanding from both sides of management, attendees will walk away with an understanding of:
    •  What is stress?
    •  What are IT soft skills?
    •  How managing stress and practicing soft skills impact organizational culture
    •  How stress, soft skills, and culture have a direct impact on the talent gap
    •  Avoiding burnout
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    3 Things You Absolutely Need to Know About Data Privacy in 2019 to Move Your Organization Forward
    Registration Level: Conference Pass
    8:30 am - 9:15 am

    In today’s business landscape, privacy will make you more innovative and become your competitive advantage. Transparency is the key to long-term mutually beneficial relationships with your customers. In this session, we’ll cover the latest GDPR updates, the road to CCPA compliance and offer practical steps on how to integrate privacy within the security culture of your company.

    If you don’t have your customers’ best interests at heart, your competition will. This means caring enough to stay on top of the latest privacy trends and how to make a sustainable privacy program to keep your customers’ trust.
    8:30 am
    Zero Trust: The Elements of Strategy
    Strategist, MiSec Community
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Philosophies for securing technology have crashed over our industry in waves. Capability-based security locked down IT (except when it didn’t). Risk-based security prioritized efforts and focused us on securing the business (when people listen). Threat-centric security cleared everything up by explaining what the bad guys were doing (with file hashes and IP addresses). Following these less-than-successful philosophies, trust-centric security has entered the scene. This session will cover zero-trust strategies and highlight case studies of organizations leveraging zero-trust to align and coordinate tactics. Trust is neither binary nor permanent, and neither is real-world security.

    8:30 am
    How to Leverage Leadership Style to Improve Your Security Posture
    Sr. Manager, Information Security and Compliance, AAA Washington
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Noncompliance with information security policies and standards remains the primary root cause of breaches for organizations in the United States. There are many considerations and challenges to improving employee behavior in the use of IT resources, data, and technology. The style of leadership demonstrated by an organization may be one of the more important facets. This presentation demonstrates the solid connection between leadership style and employee compliance with information security policies in organizations.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] How to Manage Your Own Career to Get to the Top
    Former CIO, The White House
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him on the Exhibitor Floor at the following times:
    10:15 a.m. – 11:15 a.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm

    This session is for Advisory Council members only.

    11:00 am
    Cloud Security Alliance Meeting and Presentation - Open to all Attendees
    Presentation: Threat Modeling 2019
    Leading Expert on Threat Modeling, Shostack & Associates
    Registration Level:
    • Open Sessions
    11:00 am - 12:00 pm

    Interested in your local associations? Join Cloud Security Alliance (CSA) for a chapter meeting and guest presentation.
    Presenting: Attacks always get better, so your threat modeling needs to evolve. Learn what’s new and important in threat modeling in 2019. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats at the human layer. Take home actionable ways to ensure your security engineering is up to date.

    11:15 am
    [Panel] Discussion With Huawei’s CSO: A Supply Chain Security Case Study
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    Chief Security Officer, Huawei Technologies
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Is Huawei a trade war target or a security risk? Regardless, the Huawei accusations by the U.S. Government have shed light on a crucial fact: increased reliance on new technologies introduces new threats into an ecosystem and supply chains. Join this discussion with Huawei’s Chief Security Officer on mitigating your organization’s supply chain risk by applying stringent criteria to all devices and services. The discussion will include the recent review of Huawei technologies and lessons learned that can be applied to every enterprise, including best practices advocated by NIST, NTIA, and others. Key tenets include embracing security by design, use of risk-based decision models, and sharing threat intelligence data.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    The U.S. legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever-evolving and changing technologies. In the past year, state and federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placing more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the state and federal level, and discuss how companies should prepare to meet these evolving obligations.

    11:15 am
    7 Ways to Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2019
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    A presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2019:

    • What is the attack surface of the public cloud?
    • Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
    • How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
    • What is Next Gen WAF and when should I consider it?
    • What are automated threats and how to protect against the 4th generation bots?
    • Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
    • What will be the impact of 5G on application security and availability?

    Presentation outline
    A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.

    The Top 10 security facts for 2019:

    1. The Attack Surface of the Public Cloud is defined by Permissions
    2. The Insider threat of the Public Cloud is the Outsider
    3. HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
    4. WAF does not keep up with Cloud Native Applications
    5. East-West Traffic is getting Encrypted
    6. Attackers are getting Automated
    7. Attacks are getting more Sophisticated
    8. APIs are the new Front-end
    9. Machine and Deep Learning become essential for Threat Detection
    10. 5G will fuel the next IoT Explosion

    Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in the following categories:

    1. Cloud infrastructure abuse
    2. Data breaches through publicly exposed S3 buckets
    3. Ransom of poorly secured cloud data services
    4. Cloud Infrastructure owning and wiping
    5. Cloudification of DDoS attacks
    6. Automated threats

    A quick run through of the top 10 security facts.

    The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:

    1. Migrating to the cloud
    2. Cloud Native Applications
    3. Automated Threats
    4. 5G/IoT Intersection

    Each chapter is summarized with the top security facts that were demonstrated throughout the discussion.

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.

    1:15 pm
    [OneTrust] CCPA vs Nevada: Comparing 'Do Not Sell' Requirements
    Solutions Engineer, OneTrust
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    The CCPA has started an avalanche of new state privacy laws and amendments around the country. From New York to Nevada, these regulations aim to put the control of personal data back with the people, but leave privacy and marketing teams with even more questions. Just how alike are the CCPA’s “Do Not Sell” and Nevada Privacy Law’s “Opt Out of Sale” requirements? How do you understand what data you sell and where that data exists? How can you create customer experiences that deliver on user experience expectations that also integrate with backend systems to automate the process? This session will answer these questions, compare the two laws, share a “Do Not Sell”/“Opt Out of Sale” roadmap and action plan and detail how to create a scalable and sustainable approach to consumer rights to comply with a variety of state and global privacy laws.
    Presentation Level: TECHNICAL (deeper dive including TTPs)
    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Beyond the Security Awareness Check Box
    Director of Learning, Kalles Group
    Sr. Training Consultant, Kalles Group
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    It’s time to move beyond the “Awareness” messaging campaigns and the annual compliance training check box. Employees need to take the next step and act on the knowledge that is constantly pushed out to them. A solid Security Awareness program needs to include opportunities for learners to build their skills as well as practice those skills in realistic scenarios. This session will provide an overview of ways to think beyond doing an annual compliance eLearning and focus on providing on-going learning opportunities that are timely and relevant.
    3:00 pm
    Role of Information Risk and Compliance in Digital Healthcare
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    With new technology innovation, information technology is becoming a core part of healthcare. Risk and compliance strategy and guidance are challenging.
    This presentation focuses on some of the key attributes to take into consideration for creating an IT GRC model to ensure the safety, privacy, and security of the patients. Some of the attributes include:
    – Data as the centerpoint/focus point of building the GRC model
    – Data classification based on its risk and impact
    – Thinking through a data lifecycle approach to attain a detailed understanding of data and its impact
    3:00 pm
    7 Ways to Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    3:00 pm
    The Other Insider Threat
    CISO, Axiom Law
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    There’s a lot of talk about the malicious insider, but not as much about the unintentional insider. Whether it’s employees using personal software to simply get the job done or teams selecting and expensing unauthorized software, company information assets are increasingly difficult to manage. The cloud has brought many great things with it, but it has also created a new form of shadow IT that has the potential for much more devastating consequences than ever before.
    Attend this session to learn:
    • what unintentional insider threat looks like
    • hear first-hand examples of unintentional insider behavior
    • strategies for identifying and managing the other insider threat
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

Exhibitors
  • 1TOUCH.io

    1TOUCH.io, the industry’s first purpose-built personal data discovery solution, helps companies know and reduce their privacy and security risk by discovering unknown uses of personal data. Unlike other solutions, 1TOUCH.io’s network-analytics approach means you don’t have to know where to look for your personal data; we find it for you. Whether you are dealing with data governance and security, operationalizing GDPR, or need to address CCPA with an automated process around SRR, 1TOUCH.io has the solution.

  • Alert Logic

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • ARMA NW Region

    THIS IS YOUR ARMA! The Association of Records Managers and Administrators (ARMA) is the leading international not-for-profit association for Records Management and Information Governance, comprised of approximately 27,000 professionals in this field with chapters across the US, Canada, and internationally. Do you need guidance on records policy, compliance, and operations? We are here to help connect you with local professionals for networking, educational sessions, vendor contacts, meet-ups, and collaboration.

    Bellevue Eastside Chapter
    The Bellevue Chapter serves the greater eastside members providing opportunities for RIM professionals to connect and collaborate. RIM and IG areas include Utilities, Legal, Medical, Banking, Software, Engineering, Government, Energy, and Telecommunications.

  • Avanan

    Avanan: Email Security—Reinvented.
    Avanan catches the advanced phishing attacks that evade default and advanced security. The invisible, multi-layered solution enables full-suite protection for cloud collaboration software such as Office 365™, G-Suite™, and Slack™. Deploying in one click via API, the platform prevents Business Email Compromise and blocks phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for legacy solutions like Secure Email Gateways and Cloud Access Security Brokers with a patented solution that goes far beyond any other Cloud Email Security Supplement.

  • Bitglass

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • CISO Ventures

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cisco

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cloud Security Alliance Seattle

    The Greater Seattle Chapter of the Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing in the Pacific Northwest, and provide education on the uses of Cloud Computing to help service providers and customers be secure in the Cloud.

    The Greater Seattle Chapter began in late 2010, led by Vivek Bhatnagar and Marc Pinotti, with our first Chapter Meeting held March 24th 2011. Our membership since then has grown to include corporate sponsors and over 1100 executive and senior level security, compliance, and IT professionals from throughout the entire Pacific Northwest, Western Canada, and Alaska.

    The Chapter provides a venue for our Members to network, share ideas and research, as well as educational opportunities through quarterly seminars and monthly Chapter meetings that feature presentations by industry experts about Cloud issues, security, and technology.

  • Cobalt.io

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.

  • Corelight

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com 

  • CrowdStrike

    CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

    With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.

    There’s only one thing to remember about CrowdStrike: We stop breaches.

    Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial. Learn more: https://www.crowdstrike.com/

  • CTIN

    CTIN has been providing high tech crime fighting training since 1996 in the areas of high-tech security, investigation, and prosecution of high-tech crimes for both private and public sector security and investigative personnel and prosecutors. CTIN sponsors training from experts world-wide for the benefit of private organizations and law enforcement agencies.

  • EC-Council

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Fidelis Cybersecurity

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy. For more information, go to www.fidelissecurity.com.

  • Institute of Internal Auditors (IIA)

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • InfraGard – Evergreen / WA chapter

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State and over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISACA

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • (ISC)²

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA Puget Sound Chapter

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Ixia, a Keysight Business

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Lockpath

    Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes enabling customers a straightforward approach to identify, understand, manage and report on risk.

  • Malwarebytes

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective.

    Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com.

  • Mimecast

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • nCipher

    nCipher Security, a leader in the hardware security module (HSM) market, empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications, IoT, blockchain and digital payments.

  • New Tech Seattle

    Seattle’s largest ongoing monthly event with more than 5,600 members. New Tech Seattle is the place where you’ll always make great connections, enjoy great food and drinks, learn about new companies doing cool things, laugh, smile, and have a fun night out. And most importantly, you’ll discover the people, partners, organizations, and resources to help you to build your dreams.

    It’s your community, we just love it and give everyone a place to play together. New Tech Seattle happens on the 2nd or 3rd Tuesday of every month. You can also join us on the 1st or 2nd Tuesday of every month at New Tech Eastside if you spend more time in Kirkland, Bellevue, Redmond, and the surrounding cities.

  • Northwest Tech Alliance (NWTA)

    The Northwest Tech Alliance (NWTA) is an independent technology association dedicated to bringing together some of the brightest minds from the technology industry.
    NWTA events are focused on helping attendees:
    · Network with other technology industry professionals
    · Provide education and information relative to the latest technologies and industry trends
    · Generate opportunities for personal, professional and business growth
    · Promote the Puget Sound area as a desirable place to start and grow successful technology companies
    · Learn about local food/chefs, wineries, breweries, and distilleries
    · Support local businesses and give back to the community
    · Build lifelong relationships

  • OneTrust

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • Online Trust Alliance (OTA)

    The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust, while promoting innovation and the vitality of the internet. OTA’s goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.

  • ProcessUnity

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Qualys, Inc.

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • RedSeal

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • Spirion

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Thales e-Security

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • Trend Micro

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Trustwave

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • University of Washington

    The Office of the Chief Information Security Officer (CISO) promotes a culture of shared responsibility to safeguard personal and institutional data. Services are designed to assist the UW community by monitoring, analyzing, and forecasting threats to information assets, advising on risk management and on contracts related to data security, providing in-person and online education, consulting on incident management, and developing and managing University policies related to information security.

Keynote Speakers
Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Gene Kingsley
    Director of Security Operations, Massachusetts Advanced Secure Technologies

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

  • Tom Muehleisen
    Director of Cyber Operations, Norwich University Applied Research Institutes

    Tom Muehleisen, CISSP and Retired Army Lieutenant Colonel, is a proven leader in cybersecurity. He is currently the Director of Cyber Operations for NUARI, a non-profit focused on improving our nation’s cybersecurity. He has a rich emergency management background as a National Guardsman, ranging from fighting fires to writing Washington State’s cyber response plan. After retiring from the military, he continued his efforts to secure Critical Functions and Community Lifelines through education, outreach and exercises. His experiences as a senior leader in Army Information Operations give him a particularly deep view of adversary motivations, which he brings to the classroom.

  • Abigail McAlpine
    PhD Cybersecurity Researcher, Secure Societies Institute - University of Huddersfield

    Abigail McAlpine is a CyberSecurity Researcher at the Secure Societies Institute at the University of Huddersfield. Her research is specialised in PII data published on digital systems that leads users to become vulnerable to a number of threats to their identity and safety long-term.

  • Kevin J. Murphy
    Lieutenant Colonel, US Air Force (Ret)

    Kevin was the VP of Cybersecurity Operations and Governance at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the following security certifications: CISM, CISSP, CGEIT.

  • Annie Searle
    Senior Lecturer, University of Washington, The Information School

    Annie Searle is a senior lecturer at the University of Washington’s School of Information, where she teaches courses on risk management, cybersecurity, and information management. She is a lifetime member of The Institute of American Entrepreneurs; and was inducted in 2011 into the Hall of Fame for the International Network of Women in Homeland Security and Emergency Management. She writes a column monthly for ASA News & Notes; and is the author of several books or book chapters, most recently "Risk Reconsidered," a collection of articles and columns published in July 2018. She is also principal of ASA Risk Consultants, a Seattle-based firm. Searle is a pro bono advisor to the Seattle Police Department, and a member of the board of directors of the Seattle Public Library Foundation. Searle spent ten years at Washington Mutual Bank where for most of those years she chaired the crisis management team.

  • Christopher McMahon
    Special Agent, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Craig Spiezle
    Founder & Managing Director, AgeLight Digital Trust Advisory Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance of moving from a compliance mindset to stewardship. Craig is the Chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • Craig Schippers
    Principal Engineer, Trend Micro, Inc.

    Craig Schippers is a CISSP Certified Principal Sales Engineer at Trend Micro. He has worked in the Security Industry for approximately 17 years assisting customers with their Infrastructure Security needs. He lives in Kettle Falls, WA.

  • Mary Gardner
    CISO, f5

    Mary Gardner’s background provides a wealth of security, compliance, and risk management expertise from a variety of industries, including healthcare, finance, and transportation/logistics. She joined F5 as chief information security officer (CISO) from Seattle Children’s, where she served as CISO. She has also held security leadership positions at Fred Hutchinson Cancer Research Center, Port of Seattle, JPMorgan Chase, and Washington Mutual.
    Gardner holds a B.S. from Trinity University. She is also a Certified Information Systems Security Professional (CISSP) and member of the Executive Women’s Forum. Gardner is based in Seattle at F5’s corporate headquarters.

  • Vanessa Pegueros
    Venture Investor, Former CISO at: DocuSign, US Bank & Expedia

    Vanessa is a CyberSecurity leader with over 16 years of security experience. She is currently serving on the Board of Carbon Black (CBLK) and BECU. She also is a venture partner with Flying Fish Partners in Seattle. Vanessa formerly worked as the CISO at DocuSign and successfully managed through hyper growth and an IPO in 2018. She also was the SVP of Enterprise Security at US Bank, CISO at Expedia and has held senior level security roles with Washington Mutual, Cingular and AT&T Wireless. She has held numerous other roles specifically within the wireless arena including Network Planning, Architecture & Engineering, Technical Sales, and Product Development. She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM, and CISSP security certifications as well as the Certified Information Privacy Professional Europe (CIPP/E) privacy certification.

  • Ann Nagel
    Institutional Privacy Officer and former UW Associate CISO, University of Washington

    Ann Nagel is the Associate Vice Provost for Privacy, University Privacy Officer, and European Union General Data Protection Officer for the University of Washington (UW). She is responsible for developing a cohesive strategy for the humanitarian and legal aspects of privacy across the UW. To help ensure privacy is included in the design of the UW’s systems and services she collaborates closely with other individuals at the UW who have responsibility for managing and/or protecting personal data. Prior to her privacy role she was the Associate Chief Information Security Officer at the UW with responsibilities for policy, advising, education, incident management, and security-focused software development. She has also held consulting, auditing, and project management related positions.

  • Melissa Van Buhler
    Cybersecurity & Data Privacy Attorney, Newman Du Wors LLP

    Melissa’s legal practice focuses on cybersecurity, privacy, and regulatory compliance. Her key strength is helping organizations achieve cyber resiliency through legal and regulatory compliance.

    Before joining Newman Du Wors in 2018, she served more than 15 years as a Judge Advocate General officer in the United States Army where she supported top-secret operations at the National Security Agency (NSA), United States Cyber Command, and United States Army Special Operations Command. During her tenure, Melissa gained unique insights into worldwide vulnerabilities to cyberattacks and helped develop best practices to combat them. She advised on the complex lifecycle of intelligence data collection from origination, use and sharing within and among intelligence agencies. Her data privacy expertise grew from advising on federal rules and regulations surrounding the robust oversight of intelligence activities, particularly in the complex world of signals intelligence.

    Melissa earned a master of laws in Information Technology & Intellectual Property from University of Colorado, Boulder in between assignments with intelligence organizations. She is also a combat veteran of Operation Iraqi Freedom having served one year with the 4th Infantry Division in Taji, Iraq, from 2005-2006.

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America. Before joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • Bruce Sussman
    Emmy-Winning Journalist, SecureWorld

    Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

  • Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

  • Brian Cady
    Principal Enterprise Security Architect, Providence St. Joseph Health

    Brian Cady has been working in the information technology industry for more than 20 years with an exceptionally broad background focusing on security, architecture and future technologies. Brian has held leadership positions for IBM and Microsoft along with banking, airline and gaming companies. He is currently leading the Security Strategy & Architect teams for one of the largest healthcare providers in the country and is pursuing a Master of Science degree in Information Systems Management through the University of Salford in Manchester England.

  • Michael Hiskey
    Chief Marketing Officer, Avanan

    Michael Hiskey is a long-time data, analytics, cloud, and AI industry executive. An accomplished writer and speaker, he has published articles in Forbes, InfoWorld, TechCrunch, ITProPortal, etc. He spends his time thinking about how these innovations impact B2B organizations and their customers. Michael has a background in enterprise technology from IBM, where he led marketing, customer success, and development teams for almost 10 years. He then went on to lead marketing efforts at high-growth firms like Kognitio, Trifacta, and Semarchy before joining the Avanan team in 2019. Michael holds an MBA from Columbia Business School, and lives on Long Island with his wife and daughter—one current and one future "women in technology."

  • Samantha Dutton
    President, DuHart Consulting

    Dr. Samantha Dutton is the President of DuHart Consulting where she works with her husband in addressing cybersecurity business needs, as it impacts the human factor. She is also an Associate Dean and the Director of the Social Work Program in the College of Social and Behavioral Sciences at the University of Phoenix. She is a Licensed Clinical Social Worker and holds a PhD in Social Work and Social Research. Dr. Dutton served over 25 years in the United States Air Force, retiring as Lieutenant Colonel. She held positions of Deputy Commander of Medical Operations at Mike O’Callaghan Military Medical Center as well as the Medical Squadron at Joint Base Lewis-McChord. She also commanded the Mental Health Clinic at Nellis Air Force Base. She has been the recipient of numerous Air Force level awards and was deployed in support of Operation Iraqi Freedom and Operation Enduring Freedom where she was the lone mental health practitioner for 2500 personnel. Dr. Dutton’s passions include military transition, single parents serving in the military and ensuring veterans have access to services. She has recently embarked on a venture with her husband to address the needs of the cybersecurity profession. She has presented in different forums surrounding these passions as well as publishing an article on single parents in the Air Force. Dr. Dutton created the military social work curriculum for an online institution where she brought real world experience and research to the program. Dr. Dutton is married and has 4 children and a granddaughter.

  • Andrew Dutton
    Principal Cybersecurity Architect, DuHart Consulting

    Andrew Dutton is a leader in the cybersecurity industry with DuHart Consulting as the Principal Cybersecurity Architect. In previous roles, he has designed, implemented and overseen program development, control adoption, and strategic planning. He has developed programs for multiple organizations and excels at using a risk-based approach to ensure organizations have implemented the most effective solutions and processes. He implements cybersecurity into processes and not as a separate silo. Building a cybersecurity culture is a key fundamental for any program. Andrew has advanced expertise in the security and compliance space, including NIST, CIS, COBIT, ISO, ITIL, HIPAA, and other frameworks and programs in the IT strategic and tactical processes. He brings a street-smart approach to intricate business problems in order to find secure solutions. He is also committed to developing human resources to get the job done.

  • Wolfgang Goerlich
    Strategist, MiSec Community

    J Wolfgang Goerlich is an active part of the Michigan security community. He hosts a YouTube video series and the Encode/Decode Security Podcast. Wolfgang regularly advises on and presents on the topics of risk management, incident response, business continuity, secure development life cycles, and more.

  • William Lidster
    Sr. Manager, Information Security and Compliance, AAA Washington

    Dr. William Lidster has more than 25 years of experience in IT and information security leadership in government, retail, insurance, finance, healthcare, and the utility industries. He received his PhD in Information Security and Assurance from Capella University and has published in IEEE and other professional journals. Dr. Lidster focuses his research on leadership and culture in organizations and the impact those have on cybersecurity capabilities in organizations.

  • Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and a half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • Book Signing
  • Adam Shostack
    Leading Expert on Threat Modeling, Shostack & Associates

    Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

  • Craig Spiezle
    Founder & Managing Director, AgeLight Digital Trust Advisory Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security, promoting ethical privacy practices, end-to-end security and the importance of moving from a compliance mindset to stewardship. Craig is the chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers, driving awareness of best practices by both the public and private sectors and the importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • Andy Purdy
    Chief Security Officer, Huawei Technologies

    Andy is Chief Security Officer for Huawei Technologies USA, overseeing Huawei USA's cybersecurity assurance program and supporting Huawei’s global assurance program. Andy is the Huawei global lead for the East-West Institute Global Cooperation in Cyberspace Initiative and serves on the Steering Committee of The Open Group Trusted Technology Forum, which developed the Open Trusted Technology Provider Standard (O-TTPS), recognized as ISO/IEC 20243.

    Andy was the senior cybersecurity official of the U.S. Government from 2004-2006. Prior to joining the Department of Homeland Security, Andy was a member of the White House staff where he helped to draft the U.S. National Strategy to Secure Cyberspace (2003), after which he went to the Department of Homeland Security (DHS) where he helped to form and then led the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT).

  • Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a Women-Owned boutique law firm. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the General Data Protection Regulation (GDPR). Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America. Before joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • Ethan Sailers
    Solutions Engineer, OneTrust

    Ethan Sailers serves as a Privacy Engineer at OneTrust, the largest and most widely-used dedicated privacy management technology platform to operationalize privacy, security, and third-party risk management. In his role, he advises companies large and small on EU GDPR, California Consumer Privacy Act (CCPA), Brazil LGPD, and hundreds of the world's privacy laws, focused on formulating efficient and effective responses to data protection requirements as well as building and scaling privacy programs. Ethan is a Certified Information Privacy Professional (CIPP/E, CIPM), and earned a Bachelor of Science in Industrial and Systems Engineering from the Georgia Institute of Technology.

  • Jeanette Rogers
    Director of Learning, Kalles Group

    Jeanette Rogers is the Director of Learning at Kalles Group, helping companies build world-class security awareness and training solutions. She has over a decade of experience in design, development, and delivery of global corporate technology-based programs and holds a Master's degree from Stanford University.

  • Sonja Torseth
    Sr. Training Consultant, Kalles Group

    Sonja Torseth is a Senior Training Consultant at Kalles Group. She designs communications strategy and learning experiences with a sharp focus on end-goals: to affect staff behavior change, especially for security risk mitigation. She has more than 10 years’ experience in communications, learning design, and project delivery, and holds a B.S. degree from Texas Tech University.

  • Anne-Marie Scollay
    CISO, Axiom Law

    As CISO for Axiom Law, Anne-Marie leads the information security strategy for Axiom's products/services, corporation, and governance, risk and compliance (GRC). Prior to joining Axiom, she built out and oversaw the infrastructure and security for a Seattle-based SaaS startup and global multi-nationals. Anne-Marie has a passion for operational excellence and a knack for thinking strategically.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started, you can use your phone, tablet, or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!