Conference Agenda
  • Wednesday, November 13, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    • Conference Pass
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: A Legal Post-Mortem: What Did the Lawyers Learn From a Ransomware Attack?
    Attorney, Focal PLLC
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 408

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Risk Management and Program Implementation Manager, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - Exercises: The Key to Writing an Effective Response Playbook
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Developed with funding from the Department of Homeland Security, the DECIDE® platform has been a trusted cybersecurity live exercise solution for more than a decade. The platform’s unmatched combination of needs-based threat scenarios, strategic analytics, and communications mapping has been proven time and again in distributed sector-wide live exercises, organizational trainings, and in smaller board room settings.
    In these 3 training blocks, the facilitator/instructor will guide students to an understanding of basic exercise structure and how to apply it to their own organization, top to bottom, using a distributed, synchronous environment like DECIDE®.

    8:30 am
    What You Know, We Know: How Your PII Isn't Secure Enough to Be Called Personal Anymore
    PhD Cybersecurity Researcher, Secure Societies Institute - University of Huddersfield
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 406
    PII authentication has been used everywhere to authenticate your identity with various service providers, but after a number of data breaches and personal data loss, is it a safe way forward for our next generation? We now have more PII information available online than ever, with social media encouraging the sharing of personal data on a regular basis. Is PII a secure way to authenticate users in the future?
    Check your answers, much like the second-guessing of answers at the end of an exam. Users should be second-guessing why providers need their personal information in the first place. If possible, they should change their answers. Providers should consider this PII authentication a void exercise with the amount of information posted online.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    8:30 am
    How to Leverage Leadership Style to Improve Your Security Posture
    Sr. Manager, Information Security and Compliance, AAA Washington
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    Noncompliance with information security policies and standards remains the primary root cause of breaches for organizations in the United States. There are many considerations and challenges to improving employee behavior in the use of IT resources, data, and technology. The style of leadership demonstrated by an organization may be one of the more important facets. This presentation demonstrates the solid connection between leadership style and employee compliance with information security policies in organizations.

    8:30 am
    The Two Faces of Artificial Intelligence
    Senior Lecturer, University of Washington, The Information School
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 404
    Artificial intelligence (AI) has been with us since 1965, when a computer figured out how to beat humans at checkers. AI is now embedded in many commonly used applications. But AI has two faces. We’ll examine a range of AI applications as well as proposed codes of ethics, and government research investments by the U.S. and China.
    8:30 am
    Fortifying Your Enterprise In a Changing Security & Privacy Landscape
    Internet Privacy & Security Analyst, The Internet Society's Online Trust Alliance
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 403
    Recent multi-million dollar sanctions for data breaches show that businesses cannot afford to be lax on privacy and security. However, the latest Internet Society studies have found that for many companies, these safeguards are severely lacking. What may start as a simple oversight can soon manifest into a potential security and financial nightmare for businesses. Embracing best practices when safeguarding user data is critical for companies to not only retain customers, but to protect themselves from the growing legal liability they could face.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, United States Secret Service
    Registration Level:
    • Open Sessions
    9:30 am - 10:30 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:30 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:30 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Securing the Cloud
    CTO, WA State Department of Labor and Industries
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    11:15 am
    Data Laundering, Exploitation, and Extortion: Time for Ethical AI
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 405

    We are facing seismic change with the convergence of big data and AI. The oceans of information and computing power are providing endless opportunities while challenging the concept of digital dignity. Rather than look at regulatory frameworks, industry needs to be proactive and look at the ethical issues and their long-term impact on society. This session will review ethical frameworks including the need to respect human autonomy, prevent asymmetries of power and ability to undo unintended harm and address unintended biases. These technologies show great promise, but only if they are applied and used within societal values and norms and developed with an “ethical purpose.” They need to be grounded in and reflective of the ethical principles of beneficence (do good) and non-maleficence (do no harm).

    11:15 am
    [Trend Micro] XDR and Closing the Gap on Disparate EDR Approaches
    Principal Engineer, Trend Micro, Inc.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 402
    Endpoint Detection and Response (EDR) alone has failed to provide a complete painting of the attack surface. Although EDR has provided a partial understanding of the “ones that got away,” using it as the single source of truth has limited the scope of investigation and left some pieces still in the dark. By drawing from all layers of an infrastructure, not just the security tools, a richer set of data can be gathered and the canvas can be closer to the truth. Join us for this interactive discussion.

    Much like an enhanced SIEM tool drawing from all elements on a network, we can think of XDR as helping us get one step closer to an accurate view.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

     

    11:15 am
    [Panel] Women in Security: Looking to the Future
    Senior Lecturer, University of Washington, The Information School
    Venture Investor, former CISO at DocuSign, US Bank, and Expedia
    Institutional Privacy Officer and former UW Associate CISO, University of Washington
    Cybersecurity & Data Privacy Attorney, Focal Law
    Principal Enterprise Security Architect, F5 Networks
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 404
    Moderated by risk and security expert Annie Searle, the session features three panelists who each have long careers in cybersecurity, and who will discuss such questions as:
    • When hiring a security practitioner or leader on your team, what characteristics or traits do you look for?
    • What should women who are thinking of getting into a cybersecurity role know about working in a male-dominated field?
    • What misconceptions do you think that people have about being in the information security field?
    • What are you reading?
    11:15 am
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 406

    The U.S. legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever-evolving and changing technologies. In the past year, state and federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placing more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the state and federal level, and discuss how companies should prepare to meet these evolving obligations.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 403

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Topic: Approaches to Staffing a Security Operations Center – Focus on Outsourcing One or More Aspects of the Function.
    Manager, IT Security & Risk, Puget Sound Energy
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] 7 Ways To Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Director of Media & Content, Podcast Host, SecureWorld
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    [Cisco] Threat Landscape in Flux: Emerging Threats
    Threat Data Scientist, Cisco Umbrella
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 406
    Amidst the ever-evolving threat landscape, 2018 was a particularly nasty year that saw everything from an increased threat of cryptojacking to the ever-expanding reach of Emotet and all of its variants. In 2019 these threats – and others – have expanded their reach and shifted away from SMBs towards enterprise businesses. Join me for a dive into the different attacks and attack vectors that are trending in 2019, the specific industries and geographies that are under siege, the tools we use to differentiate normal versus targeted threat traffic, and what to expect for the remainder of the year and beyond.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Ron Winward, Radware
    Myla Pilao, Trend Micro
    Prasidh Srikanth, Bitglass
    Justin Hang, Cisco
    James McCarthy
    Moderator: Larry Wilson

    1:15 pm
    Panel: You Got Burned, Now What? (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 405

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
    Panelists:
    Brad Pierce, Structured
    Scott Giordano, Spirion
    Robert Statsinger, ContrastSecurity
    Palo Alto Networks
    Moderator: Gene Kingsley

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:15 pm
    Birds of a Feather Discussion Groups
    Topic: Cloud Security: Securing Your Organization’s Digital Transformation
    Risk Management and Program Implementation Manager, University of Massachusetts
    Registration Level:
    • Open Sessions
    2:15 pm - 2:45 pm
    Location / Room: Red Booth on the Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    2:15 pm
    Birds of a Feather Discussion Groups
    Topic: Responding to the Evolving Privacy Landscape
    Cybersecurity & Data Privacy Attorney, Focal Law
    Registration Level:
    • Open Sessions
    2:15 pm - 2:45 pm
    Location / Room: White Booth on the Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    2:15 pm
    Birds of a Feather Discussion Groups
    Topic: Insider Threat
    Digital Event Director, SecureWorld
    Registration Level:
    • Open Sessions
    2:15 pm - 2:45 pm
    Location / Room: Blue Booth on the Exhibitor Floor
    2:15 pm
    Birds of a Feather Discussion Groups
    Topic: Communicating to the Board
    CISO, Atmosera
    Registration Level:
    • Open Sessions
    2:15 pm - 2:45 pm
    Location / Room: Yellow Booth on the Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    Director of Product Security, Privacy & Compliance, UiPath
    CIO, Delta Dental of Washington
    VP and CISO, TrueBlue Inc.
    Founder, [Stealth Mode]
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 404

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    Communicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad Outcomes
    Director, Risk Science, FAIR Institute
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 402

    Communicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want. This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.

    3:00 pm
    Bias in AI: The Risk and the Reality
    Principal Enterprise Security Architect, Providence St. Joseph Health
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 406
    Bias generates risk in all AI systems, but how serious is the problem? This session will help answer the following questions:
    •  What is AI bias, and how prevalent is it in current systems?
    •  Do we need to reduce the impact of bias?
    •  If we want to reduce AI bias, how do we even start?

     

    3:00 pm
    [Avanan] Attack Vectors, New and Old: How Hackers Bypass Office 365, and Why They’ll Start Targeting Slack
    Sales Engineer, Avanan
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 405

    The scale of migration to the cloud requires a strategic shift in collaboration security suites. The Office 365 inbox and user credentials are the #1 target for hackers. 90% of breaches start with email, and the security incident orchestration, automation, and response workload drains resources from the SOC team. Sharing insights from research, Jeff will demonstrate the techniques attackers use to bypass Microsoft’s defenses, fool filters, and launch attacks.
    Slack is an increasingly important tool for communication and sharing—but is it secure? The same malicious actors who have primarily focused on email have started to turn their attention here. Jeff will discuss key insights around this burgeoning attack vector, and what security pros can do about it.
    He will discuss how CISOs have started to adopt a continuous adaptive risk and trust assessment mindset to protect users across email and messaging from evolving threats, including phishing, account takeover, and business email compromise (BEC).
    Learning Objectives:
    1. Understand the typical attack methods specific to Microsoft Office 365
    2. Learn about the new attacks targeting Slack, and how to combat them
    3. Learn about the shared responsibility model with major vendors in relation to Zero Day and known threats
    4. Discern between the various tools available to help address preventative protection from advanced and evolving threats

    Points include data from extensive research on email-based phishing, spoofing, and malware, as well as account takeover, insider threats, and compromised credentials that have caused loss of sensitive data from organizations across the country.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 401

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Risk Management and Program Implementation Manager, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 407

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    3:00 pm
    SecureWorld PLUS Part 2 - Exercises: The Key to Writing an Effective Response Playbook
    SecureWorld PLUS Registrants ONLY
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 303
    Developed with funding from the Department of Homeland Security, the DECIDE® platform has been a trusted cybersecurity live exercise solution for more than a decade. The platform’s unmatched combination of needs-based threat scenarios, strategic analytics, and communications mapping has been proven time and again in distributed sector-wide live exercises, organizational trainings, and in smaller board room settings.
    In these 3 training blocks, the facilitator/instructor will guide students to an understanding of basic exercise structure and how to apply it to their own organization, top to bottom, using a distributed, synchronous environment like Decide®.
    3:30 pm
    Optiv Reception
    Join Optiv and partners for Happy Hour on the 4th floor!
    Registration Level:
    • Open Sessions
    3:30 pm - 6:00 pm
    Location / Room: Meydenbauer Center 4th Floor

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day. NOTE: This event is for SecureWorld attendees and Optiv partners only, thank you.

  • Thursday, November 14, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 401

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Risk Management and Program Implementation Manager, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 407

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. IoT, Providers, Tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 3 - Exercises: The Key to Writing an Effective Response Playbook
    SecureWorld PLUS Registrants ONLY
    Director of Cyber Operations, Norwich University Applied Research Institutes
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 303

    Developed with funding from the Department of Homeland Security, the DECIDE® platform has been a trusted cybersecurity live exercise solution for more than a decade. The platform’s unmatched combination of needs-based threat scenarios, strategic analytics, and communications mapping has been proven time and again in distributed sector-wide live exercises, organizational trainings, and in smaller board room settings.
    In these 3 training blocks, the facilitator/instructor will guide students to an understanding of basic exercise structure and how to apply it to their own organization, top to bottom, using a distributed, synchronous environment like Decide®.

    8:00 am
    InfraGard Chapter Meeting - Open to all Attendees
    Presentation: Being Smart About Intelligence
    CEO & Founder, Center for Threat Intelligence
    Registration Level:
    • Open Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
    8:00 – 8:30 – Networking
    8:30 – 9:15am – Janet’s presentation
    Presentation:
    Adversaries are sophisticated, clever, motivated and highly focused. Attacks are well planned, coordinated and use a variety of tactics combining cyber, physical, human and technical to accomplish their goals. Learn more about adversarial focus, strategies and tactics and how effective threat intelligence can proactively mitigate attacks, enhance enterprise risk management and get you ahead of the game. No matter how big or small your organization is…you are a target! Knowing your adversaries gives you the strategic advantage when protecting your organization.

    8:30 am
    Human Resilience in Our Cybersecurity Culture
    President, DuHart Consulting
    CISO, DuHart Consulting
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 404

    As employers struggle attracting and retaining cybersecurity personnel, it is important to note that employees need to feel appreciated. Employees also need to understand how to work through the stress associated with this environment. Utilizing this presentation as a springboard to greater understanding from both sides of management, one will walk away with an understanding of:
    •  What is stress?
    •  What are IT soft skills?
    •  How managing stress and practicing soft skills impact organizational culture
    •  How stress, soft skills, and culture have a direct impact on the talent gap
    •  Avoiding burnout
    Presentation Level: Managerial  (Security and Business Leaders)

    8:30 am
    Zero Trust: The Elements of Strategy
    Strategist, MiSec Community
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 406

    Philosophies for securing technology have crashed over our industry in waves. Capability-based security locked down IT (except when it didn’t). Risk-based security prioritized efforts and focused us on securing the business (when people listen). Threat-centric security cleared everything up by explaining what the bad guys were doing (with file hashes and IP addresses). Following these less than successful philosophies, trust-centric security has entered the scene. This session will cover zero-trust strategies and highlight case studies of organizations leveraging zero-trust to align and coordinate tactics. Trust is neither binary nor permanent, and neither is real-world security.

    8:30 am
    The New "Colder" War: Cybersecurity Threats Against Consumer Privacy and Our Democratic Institutions
    Lieutenant Colonel, US Air Force (Ret)
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 405

    Modern cybersecurity threats have evolved into very effective disinformation campaigns based on what they know about you. What can we collectively do to protect our consumers and our democratic institutions that we rely upon? Hint: the solution is more than just technology.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] How to Manage Your Own Career to Get to the Top
    CIO, Georgia State Defense Force, Former CIO, The White House
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him on the Exhibitor Floor at the following times:
    10:15 a.m. – 11:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    10:15 am
    Birds of a Feather Discussion Groups
    Topic: Building an Effective Security Awareness Program
    Director of Learning, Kalles Group
    Sr. Training Consultant, Kalles Group
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Yellow Booth on the Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    10:15 am
    Birds of a Feather Discussion Groups
    Topic: Insider Threat
    Digital Event Director, SecureWorld
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Blue Booth on the Exhibitor Floor
    10:15 am
    Birds of a Feather Discussion Groups
    Topic: Career Development: Becoming a CISO
    Executive Director, Center for Information Assurance and Cybersecurity, University of Washington
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Red Booth on the Exhibitor Floor
    10:15 am
    Birds of a Feather Discussion Groups
    Topic: Supply Chain Security
    Director of Security - GRC, Microsoft
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: White Booth on the Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: The Scope of Pen Testing
    CTO, WA State Department of Labor and Industries
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    11:00 am
    Cloud Security Alliance Meeting and Presentation - Open to all Attendees
    Presentation: Threat Modeling 2019
    Leading Expert on Threat Modeling, Shostack & Associates
    Registration Level:
    • Open Sessions
    11:00 am - 12:00 pm
    Location / Room: 404

    Interested in your local associations? Join Cloud Security Alliance (CSA) for a chapter meeting and guest presentation.
    Presenting: Attacks always get better, so your threat modeling needs to evolve. Learn what’s new and important in threat modeling in 2019. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats at the human layer. Take home actionable ways to ensure your security engineering is up to date.

    11:15 am
    [Panel] Discussion with Huawei’s Chief Security Officer: A Supply Chain Security Case Study
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    Chief Security Officer, Huawei Technologies USA
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 406

    Is Huawei a trade war target or a security risk? Regardless, the Huawei accusations by the U.S. Government have shed light on a crucial fact: increased reliance on new technologies introduces new threats into an ecosystem and supply chains. Join this discussion with Huawei’s Chief Security Officer on mitigating your organization’s supply chain risk by applying stringent criteria to all devices and services. The discussion will include the recent review of Huawei technologies and lessons learned that can be applied to every enterprise, including best practices advocated by NIST, NTIA, and others. Key tenets include embracing security by design, use of risk-based decision models, and sharing threat intelligence data.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    Changes to Washington's Data Breach Laws
    Attorney, Vergeront Law, PLLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 403

    Washington State has recently passed a bill that will drastically change the data breach notification laws. These changes go into effect in March 2020. Are you prepared?
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    DHS Cybersecurity Advisor on Risks, Best Practice Recommendations, and Available No-Cost Resources
    Regional Cybersecurity Advisor, DHS Cybersecurity and Infrastructure Security Agency (CISA)
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 405
    The DHS CISA Cybersecurity Advisor will speak to cyber threats and risks, then provide some simple best practices before going into detail on the many resources available at no-cost to mitigate risks and ensure more resiliency to your infrastructure and cyber systems.
    In addition to better understanding common risks and mistakes, participants will have a better understanding of the information-sharing opportunities as well as resources the Federal government has made available to partners.
    Presentation Level: MANAGERIAL (security and business leaders)

     

    11:15 am
    Building a Cybersecurity Program from Scratch
    CISO, DuHart Consulting
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 402

    Building a successful cybersecurity program is not easy. It is often difficult to build a complete program when business requirements (and budgets) are not conducive to a fully-implemented and mature cybersecurity program. This presentation will discuss how to develop a program that will fit your organization’s needs today and how to mature it and grow in the future.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Topic: Addressing the Talent Gap
    Executive Director, Center for Information Assurance and Cybersecurity, University of Washington
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 408

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2020
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    A presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2020:

    • What is the attack surface of the public cloud?
    • Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
    • How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
    • What is Next Gen WAF and when should I consider it?
    • What are automated threats and how to protect against the 4th generation bots?
    • Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
    • What will be the impact of 5G on application security and availability?

    Presentation outline
    A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.

    The Top 10 security facts for 2019/2020:

    1. The Attack Surface of the Public Cloud is defined by Permissions
    2. The Insider threat of the Public Cloud is the Outsider
    3. HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
    4. WAF does not keep up with Cloud Native Applications
    5. East-West Traffic is getting Encrypted
    6. Attackers are getting Automated
    7. Attacks are getting more Sophisticated
    8. APIs are the new Front-end
    9. Machine and Deep Learning become essential for Threat Detection
    10. 5G will fuel the next IoT Explosion

    Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in following categories:

    1. Cloud infrastructure abuse
    2. Data breaches through publicly exposed S3 buckets
    3. Ransom of poorly secured cloud data services
    4. Cloud Infrastructure owning and wiping
    5. Cloudification of DDoS attacks
    6. Automated threats

    A quick run through of the top 10 security facts.

    The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:

    1. Migrating to the cloud
    2. Cloud Native Applications
    3. Automated Threats
    4. 5G/IoT Intersection

    Each chapter is summarized with the top security facts that were demonstrated throughout the discussion

     

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 404

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Michael Hiskey, Avanan
    Dr. Mike Lloyd, RedSeal
    Wayne Tynes, Mimecast
    Corey Smith, Qualys
    Moderator: Bruce Lobree, Symetra

    1:15 pm
    Panel: Cloudy with a Chance of Breach
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 405

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.
    Panelists:
    Grant Asplund, Check Point Security
    Robert Statsinger, Contrast Security
    Jesse Houldsworth, Sonatype
    David Nicholson, RSA
    Mark Hamilton, Palo Alto Networks
    Moderator: Jake Bernstein, Focal PLLC

    1:15 pm
    [OneTrust] CCPA: 5-Step Guide to California Consumer Privacy Act Compliance
    Solutions Engineer, OneTrust
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 406
    With the clock ticking down until the California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020, many companies are struggling to understand the sweeping new privacy law, its impact on the business, and how to manage compliance across a matrix of global privacy laws. While there are still amendments to be settled before 2020, there are several key ways to get ready for the CCPA’s privacy governance and consumer rights requirements. In this session, we’ll outline what this new law means for your business, detail what changes to expect to see before it’s put into effect, and lay out a 5-step guide to demonstrating ongoing compliance with the CCPA. We’ll also share findings from research conducted with the International Association of Privacy Professionals (IAPP) on how ready (or not) businesses are for the CCPA, what factors are driving compliance and how the GDPR fits into CCPA readiness.

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Beyond the Security Awareness Check Box
    Director of Learning, Kalles Group
    Sr. Training Consultant, Kalles Group
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 405
    It’s time to move beyond the “Awareness” messaging campaigns and the annual compliance training check box. Employees need to take the next step and act on the knowledge that is constantly pushed out to them. A solid Security Awareness program needs to include opportunities for learners to build their skills as well as practice those skills in realistic scenarios. This session will provide an overview of ways to think beyond doing an annual compliance eLearning and focus on providing on-going learning opportunities that are timely and relevant.
    3:00 pm
    Role of Information Risk and Compliance in Digital Healthcare
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Information technology is becoming a core part of healthcare with the new technology innovation. The risk and compliance strategy and guidance is challenging.
    This presentation focuses on some of the key attributes to take into consideration for creating an IT GRC model to ensure the safety, privacy, and security of the patients. Some of the attributes include:
    – Data as the centerpoint / focus point of building the GRC model
    – Data classification based on its risk and impact
    – Thinking through Data Lifecycle Approach to attain a detailed understanding of data and its impact
    3:00 pm
    The Reasonableness Standard for Cybersecurity: What Is It and How Do We Meet It?
    Attorney, Focal PLLC
    Cybersecurity & Data Privacy Attorney, Focal Law
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 404
    The Federal Trade Commission is no longer the only sheriff in town when it comes to cybersecurity. More and more states–and countries–are getting involved in efforts to safeguard personal information. This includes customers and vendors who often require reasonable cybersecurity in contracts. But what does “reasonable cybersecurity” mean and how can we start to answer a question that always “depends”?
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

     

Exhibitors
  • 1TOUCH.io
    Booth: 434

    1TOUCH.io is a purpose-built security solution for sensitive data management, whether you are dealing with data governance and security, operationalizing GDPR, or need to address CCPA with an automated process around SRR. 1TOUCH.io helps companies know and reduce their privacy and security risk by automatically discovering unknown uses of sensitive data. Unlike other solutions, 1TOUCH.io’s network-analytics approach ensures you don’t have to know where to look for your sensitive data; we find it for you. For more information, visit https://1touch.io or follow on https://www.linkedin.com/company/1touch-io.

  • Alert Logic
    Booth: 218

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • ARMA NW Region
    Booth: 284

    THIS IS YOUR ARMA!  The Association of Records Managers and Administrators (ARMA) is the leading international not-for-profit association for Records Management and Information Governance, comprised of approximately 27,000 professionals in this field with chapters across the US, Canada, and internationally.  Do you need guidance on records policy, compliance, and operations?  We are here to help connect you with local professionals for networking, educational session, vendor contacts, meet-ups, and collaboration.

    Bellevue Eastside Chapter
    The Bellevue Chapter serves the greater eastside members providing opportunities for RIM professionals to connect and collaborate.  RIM and IG areas include Utilities, Legal, Medical, Banking, Software, Engineering, Government, Energy, and Telecommunications.

  • Avanan
    Booth: 314

    Avanan: Email Security—Reinvented.

    Avanan catches the advanced phishing attacks that evade default and advanced security. The invisible, multi-layered solution enables full-suite protection for cloud collaboration software such as Office 365™, G-Suite™, and Slack™. Deploying in one click via API, the platform prevents Business Email Compromise and blocks phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for legacy solutions like Secure Email Gateways and Cloud Access Security Brokers with a patented solution that goes far beyond any other Cloud Email Security Supplement.

  • Bitglass
    Booth: 200

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • BlackBerry Cylance
    Booth: Pavilion: 516

    BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.

  • Check Point Security
    Booth: 414

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 248

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cloud Security Alliance Seattle
    Booth: 330

    The Greater Seattle Chapter of the Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing in the Pacific Northwest, and provide education on the uses of Cloud Computing to help service providers and customers be secure in the Cloud.

    The Greater Seattle Chapter began in late 2010, led by Vivek Bhatnagar and Marc Pinotti, with our first Chapter Meeting held March 24th 2011.  Our membership since then has grown to include corporate sponsors and over 1100 executive and senior level security, compliance, and IT professionals from throughout the entire Pacific Northwest, Western Canada, and Alaska.

    The Chapter provides a venue for our Members to network, share ideas and research, as well as educational opportunities through quarterly seminars and monthly Chapter meetings that feature presentations by industry experts about Cloud issues, security, and technology.

  • Cobalt.io
    Booth: 334

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.

  • Code42
    Booth: 438

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Contrast Security
    Booth: Pavilion: 508

    Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

  • CrowdStrike
    Booth: 310

    CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

    With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform. There’s only one thing to remember about CrowdStrike: We stop breaches. Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial. Learn more: https://www.crowdstrike.com/

  • CTIN
    Booth:

    CTIN has been providing high tech crime fighting training since 1996 in the areas of high-tech security, investigation, and prosecution of high-tech crimes for both private and public sector security and investigative personnel and prosecutors. CTIN sponsors training from experts world-wide for the benefit of private organizations and law enforcement agencies.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Egnyte
    Booth: 202

    Egnyte is the only secure content platform that is designed specifically for business. Egnyte provides teams with secure file sharing capability and access to content delivered at hyper-speed, regardless of file size, location, device or bandwidth.  More than 15,000 of the world’s most demanding and regulated businesses in more than 120 countries around the globe trust Egnyte to manage their content on the cloud.

  • Endace
    Booth: 306

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Exabeam
    Booth: Pavilion: 512

    The Exabeam Security Intelligence Platform provides organizations of all sizes with end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam SIP includes Exabeam Log Manager, a modern log management system, built on top of ElasticSearch to provide unlimited data ingestion at a predictable, cost-effective price. Exabeam SIP detects complex, multi-stage threats using the analytics capabilities of Exabeam Advanced Analytics, the world’s most deployed User and Entity Behavior Analytics (UEBA) solution. Finally, Exabeam SIP improves incident response efficiency with Exabeam Incident Responder, an API-based security orchestration and automation solution.

  • ExtraHop
    Booth: Pavilion: 510

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • Fidelis Cybersecurity
    Booth: 240

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

    By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

  • FireMon
    Booth: 420

    FireMon is at the forefront of the security management category, delivering first-ever functionality such as firewall behavior testing, workflow integration, traffic flow analysis and rule recertification. Our solutions have helped more than 1,500 organizations around the world gain visibility into and control over their complex network security infrastructures.

  • Gigamon
    Booth: Pavilion: 514

    Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that makes threats more visible across cloud, hybrid and on-premises environments, deploys resources faster and maximizes the performance of security tools.

  • Illumio
    Booth: 198

    We built the Illumio Adaptive Security Platform (ASP)™ to provide unprecedented visualization and control of enterprise applications. Our system constantly inspects and adapts to the computing environment it is protecting, without pause.
    Moreover, since 75 percent of computing interactions never leave the data center, our customers can now have complete visibility behind the firewall, whether it is running in their data center or the vibrant public cloud services of Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, and many others.

  • Illusive Networks
    Booth: Pavilion: 504

    Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense ability while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with over 50 years of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.

  • Institute of Internal Auditors (IIA)
    Booth:

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • InfraGard – Evergreen / WA chapter
    Booth: 328

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance’s area of operation is Washington State, and it has over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISACA Puget Sound Chapter
    Booth: 326

    The aim of the Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area.

    The association is one of individual members who are practitioners of information systems auditing, security, risk, and/or governance in their organizations. The membership of the ISACA reflects a multiplicity of backgrounds and skills that make our profession challenging and dynamic.

    This chapter is run by volunteers who are ISACA members nominated and elected through an established process. Please contact us if you are interested in serving on the board.

  • (ISC)²
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA Puget Sound Chapter
    Booth: 322

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Ixia, a Keysight Business
    Booth: 228

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: 410

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata from endpoints and servers before it’s encrypted, with machine learning analyzing it to identify behavioral pattern changes. Alarms are raised for events that require attention, and response time is swift with native platform actions.

  • Kenna
    Booth: Pavilion: 512

    Kenna was built on the premise that cyber risk must be managed as an enterprise-wide effort. We believe cyber risk can only be effectively mitigated when the whole organization works as one, focused in the same direction and on the right target.

  • Lacework
    Booth: 400

    Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.

  • Lockpath
    Booth: 300

    Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes, giving customers a straightforward approach to identify, understand, manage and report on risk.

  • LogRhythm
    Booth: Pavilion: 518

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Malwarebytes
    Booth: 224

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.

  • Menlo Security
    Booth: 440

    The Menlo Security approach delivers 100% safety via isolation — stopping the never-ending search for risky content, while delivering a seamless end-user experience. Deployed in a public or private cloud, the Menlo Security Isolation Platform reduces security complexity and increases scale by eliminating end-point software and out-dated appliances.

  • Mimecast
    Booth: 208

    Mimecast (NASDAQ: MIME) was born in 2003 with a focus on delivering relentless protection. Each day, we take on cyber disruption for our tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges together. We are the company that built an intentional and scalable design ideology that solves the number one cyberattack vector—email. We continuously invest to thoughtfully integrate brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast is here to help protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world.

  • nCipher
    Booth: 234

    nCipher Security, a leader in the hardware security module (HSM) market, empowers world-leading organizations by delivering trust, integrity and control to their business-critical information and applications, IoT, blockchain and digital payments.

  • New Tech Seattle
    Booth:

    Seattle’s largest ongoing monthly event with more than 5,600 members. New Tech Seattle is the place where you’ll always make great connections, enjoy great food and drinks, learn about new companies doing cool things, laugh, smile, and have a fun night out. And most importantly, you’ll discover the people, partners, organizations, and resources to help you to build your dreams.

    It’s your community, we just love it and give everyone a place to play together. New Tech Seattle happens on the 2nd or 3rd Tuesday of every month. You can also join us on the 1st or 2nd Tuesday of every month at New Tech Eastside if you spend more time in Kirkland, Bellevue, Redmond, and the surrounding cities.

  • Northwest Tech Alliance (NWTA)
    Booth:

    The Northwest Tech Alliance (NWTA) is an independent technology association dedicated to bringing together some of the brightest minds from the technology industry.
    NWTA events are focused on helping attendees:
    · Network with other technology industry professionals
    · Provide education and information relative to the latest technologies and industry trends
    · Generate opportunities for personal, professional and business growth
    · Promote the Puget Sound area as a desirable place to start and grow successful technology companies
    · Learn about local food/chefs, wineries, breweries, and distilleries
    · Support local businesses and give back to the community
    · Build lifelong relationships

  • Nyotron
    Booth: 298

    Nyotron provides the industry’s first OS-Centric Positive Security to strengthen laptop, desktop, and server protection. Unlike all other approaches, our patented technology does not care about the type of threat or the attack vector, allowing us to provide ultimate protection by stopping the intended damage.

    Founded in 2012, Nyotron is headquartered in Santa Clara, CA with R&D in Israel. Nyotron has earned a top score of 5 stars from SC Magazine in its review of Endpoint Security Platforms, won GOLD in the 2017 IT World Awards for Endpoint Security and was designated as the 2017 HOT COMPANY in Endpoint Security by Cyber Defense Magazine.

  • Okta
    Booth: 288

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • OneTrust
    Booth: 236

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • Optiv
    Booth: 500

    The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

  • Online Trust Alliance (OTA)
    Booth:

    The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust, while promoting innovation and the vitality of the internet. OTA’s goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.

  • Palo Alto Networks
    Booth: 209

    Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.

  • ProcessUnity
    Booth: 246

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Qualys, Inc.
    Booth: 222

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 210

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • RedSeal
    Booth: 220

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • RSA a Dell Technologies Company
    Booth: 294

    RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions.  With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.

  • Siemplify
    Booth: 302

    The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.

    We believe that, in the modern world, cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real time and focusing them on rapid decision making.

  • Sonatype
    Booth: 404

    Every day, developers rely on millions of third-party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.

  • Spirion
    Booth: 412

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • Splunk
    Booth: Pavilion: 506

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Structured
    Booth: 209

    Structured is an award-winning solution provider delivering secure, cloud-connected digital infrastructure. For nearly 30 years, we’ve helped clients through all phases of digital transformation by securely bridging people, business and technology.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth: 304

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Thales e-Security
    Booth: 252

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • TrapX Security
    Booth: 204

    TrapX Security is the pioneer and global leader in cyber deception technology. Their DeceptionGrid solution rapidly detects, deceives, and defeats advanced cyberattacks and human attackers in real-time. DeceptionGrid also provides automated, highly-accurate insight into malicious activity unseen by other types of cyber defenses. By deploying DeceptionGrid, you can create a proactive security posture, fundamentally halting the progression of an attack while changing the economics of cyberattacks by shifting the cost to the attacker. The TrapX Security customer-base includes Forbes Global 2000 commercial and government customers worldwide in sectors that include defense, healthcare, finance, energy, consumer products, and other key industries.

  • Trend Micro
    Booth: 238

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Trustwave
    Booth: 296

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • Tufin
    Booth: 209

    As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

  • University of Washington
    Booth:

    The Office of the Chief Information Security Officer (CISO) promotes a culture of shared responsibility to safeguard personal and institutional data. Services are designed to assist the UW community by monitoring, analyzing, and forecasting threats to information assets, advising on risk management and on contracts related to data security, providing in-person and online education, consulting on incident management, and developing and managing University policies related to information security.

  • Varonis
    Booth: Pavilion: 502

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Vectra
    Booth: 206

    Vectra® is transforming cybersecurity by applying advanced AI to detect and respond to hidden cyberattackers before they can steal or cause damage. Powered by AI, Vectra and its flagship Cognito® platform enable the world’s most consequential organizations to automatically detect cyberattacks in real time and empower threat hunters to perform highly conclusive incident investigations. Vectra reduces business risk by eliminating security gaps in cloud, data center and enterprise environments.

  • WaveStrong
    Booth: 402

    Founded in 2001, WaveStrong is an industry leader in enterprise and cloud information security consulting services. We pride ourselves on our best of breed security solutions and services that span a myriad of government, education and business verticals. Our staff is comprised of both certified technical and business professionals who can help you successfully navigate complexities of planning, design, implementation and management of securing data. Our approach is vendor agnostic giving our customers the freedom to choose the best customized security model for their business.

Keynote Speakers
Speakers
  • Jake Bernstein, Esq.
    Attorney, Focal PLLC

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Gene Kingsley
    Risk Management and Program Implementation Manager, University of Massachusetts

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

  • Tom Muehleisen
    Director of Cyber Operations, Norwich University Applied Research Institutes

    Tom Muehleisen, CISSP and Retired Army Lieutenant Colonel, is a proven leader in cybersecurity. He is currently the Director of Cyber Operations for NUARI, a non-profit focused on improving our nation’s cybersecurity. He has a rich emergency management background as a National Guardsman, ranging from fighting fires to writing Washington State’s cyber response plan. After retiring from the military, he continued his efforts to secure Critical Functions and Community Lifelines through education, outreach and exercises. His experiences as a senior leader in Army Information Operations give him a particularly deep view of adversary motivations, which he brings to the classroom.

  • Abigail McAlpine
    PhD Cybersecurity Researcher, Secure Societies Institute - University of Huddersfield

    Abigail McAlpine is a CyberSecurity Researcher at the Secure Societies Institute at the University of Huddersfield. Her research is specialised in PII data published on digital systems that leads users to become vulnerable to a number of threats to their identity and safety long-term.

  • William Lidster
    Sr. Manager, Information Security and Compliance, AAA Washington

    Dr. William Lidster has more than 25 years of experience in IT and information security leadership in government, retail, insurance, finance, healthcare, and the utility industries. He received his PhD in Information Security and Assurance from Capella University and has published in IEEE and other professional journals. Dr. Lidster focuses his research on leadership and culture in organizations and the impact those have on cybersecurity capabilities in organizations.

  • Annie Searle
    Senior Lecturer, University of Washington, The Information School

    Annie Searle is a senior lecturer at the University of Washington’s School of Information, where she teaches courses on risk management, cybersecurity, and information management. She is a lifetime member of The Institute of American Entrepreneurs, and was inducted in 2011 into the Hall of Fame for the International Network of Women in Homeland Security and Emergency Management. She writes a column monthly for ASA News & Notes, and is the author of several books or book chapters, most recently "Risk Reconsidered," a collection of articles and columns published in July 2018. She is also principal of ASA Risk Consultants, a Seattle-based firm. Searle is a pro bono advisor to the Seattle Police Department, and a member of the board of directors of the Seattle Public Library Foundation. Searle spent ten years at Washington Mutual Bank where for most of those years she chaired the crisis management team.

  • Kenneth Olmstead
    Internet Privacy & Security Analyst, The Internet Society's Online Trust Alliance

    Kenneth (Kenny) Olmstead is the Internet Security & Privacy Analyst that helps research, analyze, write, and review technical content relating to The Internet Society's Online Trust Alliance issues—identity, security, privacy, and data stewardship. He also helps with communications and engages the OTA Committees on technical and techno-policy issues. Before joining the Internet Society, Kenny spent 12 years at the Pew Research Center studying how the internet affects American life. In that time, he studied various topics ranging from how the internet changed the business of journalism, to how Americans view cybersecurity, to privacy issues in the Android ecosystem. He has a Master’s degree in Communications, Culture & Technology from Georgetown University.

  • Christopher McMahon
    Special Agent, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Mukesh Dixit
    CTO, WA State Department of Labor and Industries

    Chief Technology Officer at Washington State Department of Labor and Industries. Expert level grasp on IT Security governance and management of security in application, infrastructure and cloud domains. Spearheaded teams to do FedRAMP assessments of major cloud service provider giants in the industry. Certifications include CISSP, CCSP, CISA, PCIP, PMP, and AWS-SAA. Formerly PCI-QSA certified with a PCI assessor.

  • Craig Spiezle
    Founder & Managing Director, AgeLight Digital Trust Advisory Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security, promoting ethical privacy practices, end-to-end security and the importance of moving from a compliance mindset to stewardship. Craig is the Chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers, driving awareness of best practices by both the public and private sectors and the importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • Craig Schippers
    Principal Engineer, Trend Micro, Inc.

    Craig Schippers is a CISSP Certified Principal Sales Engineer at Trend Micro. He has worked in the Security Industry for approximately 17 years assisting customers with their Infrastructure Security needs. He lives in Kettle Falls, WA.

  • Vanessa Pegueros
    Venture Investor, former CISO at DocuSign, US Bank, and Expedia

    Vanessa is a cybersecurity leader with over 16 years of security experience. She is currently serving on the Board of Carbon Black (CBLK) and BECU. She also is a venture partner with Flying Fish Partners in Seattle. Vanessa formerly worked as the CISO at DocuSign and successfully managed through hyper growth and an IPO in 2018. She also was the SVP of Enterprise Security at US Bank, CISO at Expedia, and has held senior level security roles with Washington Mutual, Cingular, and AT&T Wireless. She has held numerous other roles specifically within the wireless arena, including Network Planning, Architecture & Engineering, Technical Sales, and Product Development.

    She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM, and CISSP security certifications, as well as the Certified Information Privacy Professional Europe (CIPP/E) privacy certification.

  • Ann Nagel
    Institutional Privacy Officer and former UW Associate CISO, University of Washington

    Ann Nagel is the Associate Vice Provost for Privacy, University Privacy Officer, and European Union General Data Protection Officer for the University of Washington (UW). She is responsible for developing a cohesive strategy for the humanitarian and legal aspects of privacy across the UW. To help ensure privacy is included in the design of the UW’s systems and services she collaborates closely with other individuals at the UW who have responsibility for managing and/or protecting personal data. Prior to her privacy role she was the Associate Chief Information Security Officer at the UW with responsibilities for policy, advising, education, incident management, and security-focused software development. She has also held consulting, auditing, and project management related positions.

  • Melissa Van Buhler
    Cybersecurity & Data Privacy Attorney, Focal Law

    Melissa’s legal practice focuses on cybersecurity, privacy, and regulatory compliance. Her key strength is helping organizations achieve cyber resiliency through legal and regulatory compliance.

    Before joining Newman Du Wors in 2018, she served more than 15 years as a Judge Advocate General officer in the United States Army where she supported top-secret operations at the National Security Agency (NSA), United States Cyber Command, and United States Army Special Operations Command. During her tenure, Melissa gained unique insights into worldwide vulnerabilities to cyberattacks and helped develop best practices to combat them. She advised on the complex lifecycle of intelligence data collection from origination, use and sharing within and among intelligence agencies. Her data privacy expertise grew from advising on federal rules and regulations surrounding the robust oversight of intelligence activities, particularly in the complex world of signals intelligence.

    Melissa earned a master of laws in Information Technology & Intellectual Property from University of Colorado, Boulder in between assignments with intelligence organizations. She is also a combat veteran of Operation Iraqi Freedom having served one year with the 4th Infantry Division in Taji, Iraq, from 2005-2006.

  • Kat Jungck
    Principal Enterprise Security Architect, F5 Networks

    Kat is an experienced cybersecurity practitioner with a background in both enterprise cybersecurity and secure product development with deep domain experience in cloud security, identity and access management, and secure product development. Kat enjoys working with local cybersecurity chapters and programs to recruit and develop the next generation of cybersecurity practitioners.

  • Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a boutique international cybersecurity and data privacy law firm, and certified Women-Owned. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations, the GDPR, and the CCPA. Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • Michael Ray
    Manager, IT Security & Risk, Puget Sound Energy
  • Bruce Sussman
    Director of Media & Content, Podcast Host, SecureWorld

    Emmy-winning journalist Bruce Sussman spent more than 20 years on TV screens in Portland, Oregon. During his "second career," he became fascinated by cybersecurity while working with CISOs at Gartner. He joined SecureWorld in 2017 to help grow its media division. Currently, he hosts the Remote Sessions daily web conference series and SecureWorld podcast published each Tuesday, and oversees news content for secureworldexpo.com. Sussman graduated from the University of Missouri School of Journalism back in the dark ages. Message him on LinkedIn if you'd like to connect!

  • Austin McBride
    Threat Data Scientist, Cisco Umbrella

    Austin McBride is a Threat Data Scientist at Cisco Umbrella who identifies unclassified threat vectors, discovers emerging trends in malware distribution, and analyzes and evaluates the impact of security threats on customers. His current research focuses on the significance of cryptocurrency in the ever-evolving threat landscape, which abets malicious actors to remain anonymous while buying infrastructure and avariciously amassing profit that has been unprecedented in traditional financial markets in recent history. His background is in data mining, analytics, security research and data visualization. McBride regularly speaks at international security conferences and lives in San Francisco with his wife and their dog Spock.

  • Tom Bechtold
    Digital Event Director, SecureWorld
  • Sean Ventura
    CISO, Atmosera

    Sean has over 30 years of experience in the Information Technology field, with a focus on information security best practices and compliance. He currently serves as the Chief Information Security Officer at Atmosera, implementing and maintaining the company’s security posture, while providing security and compliance expert advisory to Atmosera’s clientele. Prior to Atmosera, Sean served as the Director of Infrastructure and Security for ESCO, a global steel manufacturer operating in a dozen countries across six continents. He brings extensive experience in management of lean teams of infrastructure and security professionals providing a reliable and secure environment across a wide range of regulatory and legal frameworks; and has held progressively more senior roles within Gogo Air, providing security advisory and design for all the commercial wireless services, DDB/Omnicom, a worldwide marketing communications firm, as well as financial institutions, and national retail chains.

  • Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Ashish Popli
    Director of Product Security, Privacy & Compliance, UiPath

    Ashish thrives on pragmatism, innovation and building teams that deliver a promise. He started his career over 20 years ago, as a computer scientist in upstate NY, and since then has been learning the 'art of impossible', by wearing multiple hats, including writing code, conducting pen tests, finding and fixing security bugs, building and shipping security products, conducting customer facing security engagements, building red teams, building global teams, writing and communicating with executive management around risk management topics, building systems using machine learning to contain product abuse, and most recently taking his experience and drive for being pragmatic about security, to make a rocket ship (that is UiPath, fastest growing enterprise software company), a place where security, privacy and compliance takes the right seat on the table.

  • Garrett Whitney
    CIO, Delta Dental of Washington

    Garrett Whitney is the Chief Information Officer at Delta Dental of Washington, the largest dental benefits provider in Washington State. He developed a passion for technology at an early age by learning to program Pascal, C, and 8086 Assembly languages prior to graduating high school. Garrett is a veteran of the United States Navy, specializing in Electronic Warfare, and developed his systems and security engineering skills with an embedded software start-up in the 3G mobile telecommunications sector before joining Delta Dental in 2002. His current areas of focus include transitioning the organization to a product management model and developing the DevSecOps capabilities, building data driven decision making across teams through advanced analytics capabilities, and leveraging technology for automation to optimize operating cost structure.

  • Karen Holmes
    VP and CISO, TrueBlue Inc.

    Karen Holmes is the Vice President and CISO at True Blue, where she is responsible for Cybersecurity, Technology Governance, Risk and Compliance, Networking, and Telecommunications. On a mission to drive automation and orchestration, she is focused on improving overall seamless and secure user experiences while creating an innovative atmosphere of "I have a crazy idea that just might work." Prior to taking on her role at True Blue, Karen gained experience at Recreational Equipment Inc. (REI), Carnival Corporation, Holland America Lines, and JP Morgan Chase.

  • Stephen Purpura
    Founder, [Stealth Mode]

    Stephen Purpura is an American entrepreneur and an applied machine learning researcher. He has co-founded four companies that focus on evolving the future of work, including Context Relevant (renamed Versive and acquired by eSentire) and SkyEye LLC (also acquired). He holds degrees from Harvard University’s Kennedy School of Government and the University of Washington. Stephen is currently working to prove out a new product idea at an early new company.

  • Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

  • Brian Cady
    Principal Enterprise Security Architect, Providence St. Joseph Health

    Brian Cady has been working in the information technology industry for more than 20 years with an exceptionally broad background focusing on security, architecture and future technologies. Brian has held leadership positions for IBM and Microsoft along with banking, airline and gaming companies. He is currently leading the Security Strategy & Architect teams for one of the largest healthcare providers in the country and is pursuing a Master of Science degree in Information Systems Management through the University of Salford in Manchester, England.

  • Jeff Raymond
    Sales Engineer, Avanan

    Jeff Raymond is a Seattle, WA based Cloud Security Engineer at Avanan. While working for companies ranging from security giants to start-ups, he has found his passion in protecting organizations from phishing attacks and securing their cloud applications. Outside of work, he can either be found snowboarding or wakesurfing (depending on the season) or geeking out in his home lab.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Gene Kingsley
    Risk Management and Program Implementation Manager, University of Massachusetts

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

  • speaker photo
    Tom Muehleisen
    Director of Cyber Operations, Norwich University Applied Research Institutes

    Tom Muehleisen, CISSP and Retired Army Lieutenant Colonel, is a proven leader in cybersecurity. He is currently the Director of Cyber Operations for NUARI, a non-profit focused on improving our nation’s cybersecurity. He has a rich emergency management background as a National Guardsman, ranging from fighting fires to writing Washington State’s cyber response plan. After retiring from the military, he continued his efforts to secure Critical Functions and Community Lifelines through education, outreach and exercises. His experiences as a senior leader in Army Information Operations give him a particularly deep view of adversary motivations, which he brings to the classroom.

  • speaker photo
    Happy Hour
  • speaker photo
    Janet Lawless
    CEO & Founder, Center for Threat Intelligence

    Janet is CEO and Founder of Center for Threat Intelligence. Janet established a team of intelligence experts to build a cutting-edge threat intelligence consulting, training and a certification program for Certified Threat Intelligence Professionals (CTIP). We are a proud provider for The National Initiative for Cybersecurity Education (NICE), Department of Homeland Security (DHS). Janet’s former leadership roles at Microsoft and Cisco, creating and managing global programs focused on compliance and security, in addition to her work at a managed security start-up, bring a wealth of knowledge in security services. Janet is a member of InfraGard and Pacific Coast Analyst Roundtable. Janet is a former Board Member for the American Red Cross and Big Brother/Big Sister organizations. She volunteers for the American Red Cross and Community Emergency Response Team. Janet also founded PCs 2 Vets.

  • speaker photo
    Samantha Dutton
    President, DuHart Consulting

    Dr. Samantha Dutton is the President of DuHart Consulting where she works with her husband in addressing cybersecurity business needs, as it impacts the human factor. She is also an Associate Dean and the Director of the Social Work Program in the College of Social and Behavioral Sciences at the University of Phoenix. She is a Licensed Clinical Social Worker and holds a PhD in Social Work and Social Research. Dr. Dutton served over 25 years in the United States Air Force, retiring as Lieutenant Colonel. She held positions of Deputy Commander of Medical Operations at Mike O’Callaghan Military Medical Center as well as the Medical Squadron at Joint Base Lewis-McChord. She also commanded the Mental Health Clinic at Nellis Air Force Base. She has been the recipient of numerous Air Force level awards and was deployed in support of Operation Iraqi Freedom and Operation Enduring Freedom where she was the lone mental health practitioner for 2500 personnel. Dr. Dutton’s passions include military transition, single parents serving in the military and ensuring veterans have access to services. She has recently embarked on a venture with her husband to address the needs of the cybersecurity profession. She has presented in different forums surrounding these passions as well as publishing an article on single parents in the Air Force. Dr. Dutton created the military social work curriculum for an online institution where she brought real world experience and research to the program. Dr. Dutton is married and has 4 children and a granddaughter.

  • speaker photo
    Andrew Dutton
    CISO, DuHart Consulting

    Strategic Global Cybersecurity leader that is accomplished in complex multinational organizations. Strong interpersonal skills and communicator. Extensive experience in cybersecurity, compliance, governance, architecture. Expert in deployment of enterprise standards, processes, and policies. Strong project management experience. Dedicated and well versed in analyzing and mitigating risk, deployment of cost-effective solutions based on business requirements, and technical architecture. Adept in changing culture and developing engaged/motivated teams as well as working individually with resources.

  • speaker photo
    Wolfgang Goerlich
    Strategist, MiSec Community

    J Wolfgang Goerlich is an active part of the Michigan security community. He hosts a YouTube video series and the Encode/Decode Security Podcast. Wolfgang regularly advises on and presents on the topics of risk management, incident response, business continuity, secure development life cycles, and more.

  • speaker photo
    Kevin J. Murphy
    Lieutenant Colonel, US Air Force (Ret)

    Kevin was the VP of Cybersecurity Operations and Governance at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the following security certifications: CISM, CISSP, CGEIT.

  • speaker photo
    Mark Gelhardt
    CIO, Georgia State Defense Force, Former CIO, The White House

    At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.

  • speaker photo
    Book Signing
  • speaker photo
    Jeanette Rogers
    Director of Learning, Kalles Group

    Jeanette Rogers is the Director of Learning at Kalles Group, helping companies build world-class security awareness and training solutions. She has over a decade of experience in design, development, and delivery of global corporate technology-based programs and holds a Master's degree from Stanford University.

  • speaker photo
    Sonja Torseth
    Sr. Training Consultant, Kalles Group

    Sonja Torseth is a Senior Training Consultant at Kalles Group. She designs communications strategy and learning experiences with a sharp focus on end-goals: to affect staff behavior change, especially for security risk mitigation. She has more than 10 years’ experience in communications, learning design, and project delivery, and holds a B.S. degree from Texas Tech University.

  • speaker photo
    Tom Bechtold
    Digital Event Director, SecureWorld
  • speaker photo
    Barbara Endicott-Popovsky
    Executive Director, Center for Information Assurance and Cybersecurity, University of Washington

    Barbara Endicott-Popovsky, Ph.D., is Executive Director of the Center for Information Assurance and Cybersecurity at the University of Washington, recently re-designated by NSA/DHS as a Center of Academic Excellence in Cyber Defense Education, headquartered at UW Bothell, and a Center of Academic Excellence in Research, headquartered at the APL (Applied Physics Lab). She is a Principal Research Scientist at APL; an Affiliate Professor at UW Bothell’s Department of Computer Science and Systems and UW Seattle’s Department of Urban Planning and Management for the Master of Infrastructure Planning and Management, and adjunct faculty at University of Hawaii Manoa’s Department of Information and Computer Science. She was named Department Fellow at Aberystwyth University Wales (2012). Her academic career follows a 20-year career in industry marked by executive and consulting positions in IT architecture and project management.

  • speaker photo
    Brian Shea
    Director of Security - GRC, Microsoft

    Brian is an IT Executive with 25 years of experience from IT Operations and Support, Security, through Compliance, Risk Management, and Technology Innovation. As part of his tenure at Microsoft he has been supporting Supply Chain security and compliance for the last 7 years including hardware supply chain, software supply chain, and vendor / supplier management.

  • speaker photo
    Mukesh Dixit
    CTO, WA State Department of Labor and Industries

    Chief Technology Officer at Washington State Department of Labor and Industries. Expert level grasp on IT Security governance and management of security in application, infrastructure and cloud domains. Spearheaded teams to do FedRAMP assessments of major cloud service provider giants in the industry. Certifications include CISSP, CCSP, CISA, PCIP, PMP, and AWS-SAA. Formerly PCI-QSA certified with a PCI assessor.

  • speaker photo
    Adam Shostack
    Leading Expert on Threat Modeling, Shostack & Associates

    Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

  • speaker photo
    Craig Spiezle
    Founder & Managing Director, AgeLight Digital Trust Advisory Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security, promoting ethical privacy practices, end-to-end security and the importance of moving from a compliance mindset to stewardship. Craig is the Chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers, driving awareness of best practices by both the public and private sectors and the importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Andy Purdy
    Chief Security Officer, Huawei Technologies USA

    Andy is Chief Security Officer for Huawei Technologies USA, overseeing Huawei USA's cybersecurity assurance program and supporting Huawei’s global assurance program. Andy is the Huawei global lead for the East-West Institute Global Cooperation in Cyberspace Initiative and serves on the Steering Committee of The Open Group Trusted Technology Forum, which developed the Open Trusted Technology Provider Standard (O-TTPS), recognized as ISO/IEC 20243.

    Andy was the senior cybersecurity official of the U.S. Government from 2004-2006. Prior to joining the Department of Homeland Security, Andy was a member of the White House staff where he helped to draft the U.S. National Strategy to Secure Cyberspace (2003), after which he went to the Department of Homeland Security (DHS) where he helped to form and then led the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT).

  • speaker photo
    Jerry Vergeront
    Attorney, Vergeront Law, PLLC

    Jerry Vergeront is the founder and attorney at Vergeront Law, PLLC. With over 25 years in Information Security before becoming an attorney, he brings an industry understanding to data security, privacy, and compliance law.

  • speaker photo
    Ronald Watters
    Regional Cybersecurity Advisor, DHS Cybersecurity and Infrastructure Security Agency (CISA)

    Ron Watters currently serves as the Region X (WA, OR, AK, ID) Cybersecurity Advisor for the Stakeholder Engagement and Cyber Infrastructure Resilience Division of the Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD). Based in Seattle, WA, he supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure. His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the nation's sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities. Prior to joining DHS, Watters served 27 years with the U.S. Navy and Naval Reserve as a Submarine Sonar Technician and Diver, retiring from the US Navy in 2007. Recalled to Active duty following 9/11, he was offered a position as the Deputy, Information Systems Management Officer with the 4th Marine Corps recruiting District in New Cumberland, PA. He rose to the position of S-6 before leaving in 2009 to take a position as the Chief, Information Assurance Division, Network Enterprise Center Ft Irwin, CA. Watters remained in that position until leaving to become the Branch Manager of the Cybersecurity Branch of the Puget Sound Naval Shipyard in March of 2016 and, soon after, as the Region X Cybersecurity advisor in June of 2017, which he currently holds.

  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Ethan Sailers
    Solutions Engineer, OneTrust

    Ethan Sailers serves as a Privacy Engineer at OneTrust, the largest and most widely-used dedicated privacy management technology platform to operationalize privacy, security, and third-party risk management. In his role, he advises companies large and small on EU GDPR, California Consumer Privacy Act (CCPA), Brazil LGPD, and hundreds of the world's privacy laws, focused on formulating efficient and effective responses to data protection requirements as well as building and scaling privacy programs. Ethan is a Certified Information Privacy Professional (CIPP/E, CIPM), and earned a Bachelor of Science in Industrial and Systems Engineering from the Georgia Institute of Technology.

  • speaker photo
    Jake Bernstein, Esq.
    Attorney, Focal PLLC

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Melissa Van Buhler
    Cybersecurity & Data Privacy Attorney, Focal Law

    Melissa’s legal practice focuses on cybersecurity, privacy, and regulatory compliance. Her key strength is helping organizations achieve cyber resiliency through legal and regulatory compliance.

    Before joining Newman Du Wors in 2018, she served more than 15 years as a Judge Advocate General officer in the United States Army where she supported top-secret operations at the National Security Agency (NSA), United States Cyber Command, and United States Army Special Operations Command. During her tenure, Melissa gained unique insights into worldwide vulnerabilities to cyberattacks and helped develop best practices to combat them. She advised on the complex lifecycle of intelligence data collection from origination, use and sharing within and among intelligence agencies. Her data privacy expertise grew from advising on federal rules and regulations surrounding the robust oversight of intelligence activities, particularly in the complex world of signals intelligence.

    Melissa earned a master of laws in Information Technology & Intellectual Property from University of Colorado, Boulder in between assignments with intelligence organizations. She is also a combat veteran of Operation Iraqi Freedom having served one year with the 4th Infantry Division in Taji, Iraq, from 2005-2006.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes