Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, November 9, 2022
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 4:30 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    Joint Chapter Meeting: ISSA Puget Sound, ISSA Portland, and Cloud Security Alliance Seattle
    • session level icon
    Panel Discussion: Identity in a Zero Trust Environment
    speaker photo
    Managing Director, Cloud Security, TIAA
    speaker photo
    Sr. Director, Information Security & Compliance, Chipotle Mexican Grill
    speaker photo
    Director, Asset Protection, BECU
    Registration Level:
    • session level iconOpen Sessions
    7:30 am - 8:30 am
    Location / Room: Keynote Theater

    Open to all attendees.

    7:30 am
    [PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
    • session level icon
    Part 1: Trends in the Law: An Overview of the Regulatory & Legal Landscape
    speaker photo
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 403

    Attendees are eligible to receive 18 CPE credits (including 12 CPEs from the Conference Pass).

    Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.

    Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.

    The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.

    The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.

    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    • session level icon
    speaker photo
    Distinguished Fellow, ISSA
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:50 am
    Location / Room: 402

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    A Whole Lotta BS (Behavioral Science) About Cybersecurity
    • session level icon
    speaker photo
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • session level iconConference Pass
    8:00 am - 8:50 am
    Location / Room: 404

    Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security.  We’ll explore the 2022 “Oh Behave! Cybersecurity Attitudes and Behaviors Report,” and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.

     

    9:00 am
    [Opening Keynote] Cloud-Native Security Operations
    • session level icon
    speaker photo
    Director, Product Management, Security, Google
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    Security is inherently a big data problem today. As SOC analysts investigate attacks, the ability to correlate data across a variety of sources is critical, and doing that well requires a scalable platform that can provide the vehicle for investigation and analytics. In addition, security operations tools need to beyond just providing a generic data lake and also provide the right capability around threat intelligence, detection analytics, and access to quality IR personnel. This session will review how next generation SOC platforms running natively in the cloud are uniquely positioned to solve customer challenges versus traditional SIEM platforms.

    9:45 am
    Networking Break & Professional Headshots
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 2:00 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for solution vendor displays or connect with attendees.

    Get your complimentary professional headshot! A photographer will be onsite Day 1 from 9 a.m. to 2 p.m. in the Exhibitor Hall.

    10:15 am
    Securing the Supply Chain
    • session level icon
    speaker photo
    Deputy CISO, State of Washington
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am
    Location / Room: 405

    Session description to come.

    10:15 am
    Deriving Insight from Threat Actor Infrastructure
    • session level icon
    speaker photo
    Threat Research Analyst, Team Cymru
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:00 am
    Location / Room: 404

    From proactively hunting for unknown attacker infrastructure, to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity. This talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.

    10:15 am
    The Proliferation of Privacy Laws: What Cybersecurity Professionals Need to Know
    • session level icon
    speaker photo
    Partner - Data Protection, Privacy & Security Group, K&L Gates LLP
    speaker photo
    Associate - Data Protection, Privacy & Security Group, K&L Gates LLP
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am
    Location / Room: 406

    Key Takeaway:
    Strategize for the coming year by reflecting on a watershed period in cybersecurity law, investigating case studies, and exploring enforcement actions.

    The past three years were saturated with change and upheaval. From state-level battles concerning private rights of action to the adoption of privacy laws across the globe, the data protection and security industry refuses to stand still.

    This session looks forward to 2023 by chronicling years past. Forthcoming legislation and regulations tackling data protection respond to pitfalls and triumphs under existing structures. To that end, this session encourages cybersecurity professionals to examine:

    • The content of and consequences arising from new state privacy bills in California, Connecticut, Colorado, Virginia, and Utah, and their accompanying regulations
    • The United States’ proposed American Data Privacy and Protection Act
    • Updates to global privacy laws, including those in the European Union, Brazil, South Africa, and China
    • How the FTC’s renewed focus on unfair practices can impact companies with poor data protection protocols
    • Increasingly common problems, such as rampant data breach liability, ransomware vulnerability, and phishing scams
    11:10 am
    Data vs. Systems Protection: The New Cybersecurity School of Thought
    • session level icon
    speaker photo
    CISO, AAA Washington
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am
    Location / Room: 405

    The average individual has had their personal data compromised at least seven times in the past several years. This has spawned industries that are providing products and solutions to help people be made whole again with minimal effort.

    In a time when we are becoming tone deaf to data security breaches, we are acutely aware of breaches that have far greater impact than data confidentiality. Ransomware and denial of service attacks are proving to cause a more harmful impact to organizations than data breaches. Yet, the cybersecurity profession continues to emphasize data protection as its primary concern.

    This session will explore whether cybersecurity professionals and supporting product and solution providers should be changing their emphasis from data protection to systems protection to address the new threat and risk landscape.

    11:10 am
    Securing Your Sensitive Assets in a Cloud-First World
    • session level icon
    speaker photo
    Security, Cyral
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am
    Location / Room: 406

    Key take-away: 
    How to rethink database security controls in a cloud-first world.

    For most organizations, data repositories hold our most sensitive, mission critical assets. The advent of the internet introduced new external threats and an ever-growing attack surface, prompting IT teams to start focusing on the protection of data repositories.

    As enterprises continue their digital transformation journeys, data repositories and the sensitive assets within are more exposed than ever before for several reasons, including a dramatic rise in the:

    • Amount of data created, collected, and stored
    • Number of repositories storing sensitive data across clouds
    • Number of users and applications that need access to dataIn this talk, we’ll address how organizations can avoid top threats facing your data repositories with GitOps and how to safely democratize access to data repositories across clouds.

    Presentation Level: MANAGERIAL (security and business leaders)

    11:10 am
    Zero Trust Segmentation – Easier Than You Think
    • session level icon
    speaker photo
    Sr. Systems Engineer, Illumio
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am
    Location / Room: 404

    Zero Trust has got to be one of the most talked about themes in cyber security.  While the term means different things to different people, there are two things that can be agreed on:  it’s a journey worth taking and segmentation is a key pillar of that journey. The next question always is how do you get started?

    Regardless of the sophistication of the ransomware, the end goal is always the same:  get in through a vulnerability and move laterally through your network.  Join this presentation as we help peel back the layers to provide you simple steps to get started that include:

    • Gaining visibility to where you are the most vulnerable
    • Closing risky ports
    • Leveraging tools you already have in place without adding layers of complexity

    While the journey can seem intimidating, we’ll help you realize that it doesn’t take a team of 100 or a PhD to deploy zero trust segmentation that will protect your organization and keep ransomware at bay.

    12:00 pm
    [Lunch Keynote] Predicting Security Events: A Machine Learning Approach
    • session level icon
    speaker photo
    Chief Data Scientist, Kenna Security (a Cisco company)
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    Security is overdue for actionable forecasts. Like predicting the weather, similar models should work for vulnerabilities. With some open source data and a clever machine learning model, the open source EPSS model predicts which vulnerabilities will be exploited in the next 30 days. The author is one of the creators of EPSS and will walk through the history of vulnerability predictions, how the team from Virginia Tech, RAND, Cisco, and Cyentia came together to create the model (and how they got the patent licenses), and what the future of predictive security holds for XDR.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    speaker photo
    Sr. Director, Cyber GRC, General Communications, Inc. (GCI)
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: 402

    Advisory Council – VIP / INVITE ONLY

    12:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    [Panel] The Current Threat Landscape
    • session level icon
    speaker photo
    Chief Security Strategist, BeyondTrust
    speaker photo
    Sr. Product Manger for Email Threat Protection, Carbonite and Webroot, OpenText Security Solutions
    speaker photo
    Solutions Engineering Manager, Proofpoint
    speaker photo
    AD Security and Management Team Lead, One Identity
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?

    It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.

    1:15 pm
    Online Consumer Privacy Is Too Complicated for Consumers
    • session level icon
    speaker photo
    Business Information Security Officer (BISO), T-Mobile USA
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm
    Location / Room: 406
    Are you using basic tools to protect yourself, your company, and your family? The consumer has no idea what personal information they are sharing or how they’re tracked online. Let’s talk about how our industry can address this challenge to protect the consumer from themselves.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
    1:15 pm
    Why Should You Care About HIPAA
    • session level icon
    How to Build and Scale Secure and Compliant SaaS Business in Healthcare
    speaker photo
    CTO & CISO, AIDA Healthcare
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:00 pm
    Location / Room: 404

    Key Takeaway: How to adopt HIPAA in a small to mid-level organization.

    Security and compliance in the healthcare world are very important. HIPAA is a cornerstone of the security frameworks that brings a special mindset to cyber defense. We will dive into the aspects of HIPAA that are relevant to CISOs in all stages of the startup.

    2:30 pm
    [Panel] Cloudy with a Chance of Breach
    • session level icon
    speaker photo
    CEO & CTO, InGuardians, Inc.
    speaker photo
    MDR Specialist, Open Systems
    speaker photo
    Principal Researcher Engineer, Expel
    speaker photo
    Enterprise Sales Manager, Cloud, SentinelOne
    speaker photo
    Director of Solution Architecture, Cymulate
    speaker photo
    Distinguished Fellow, ISSA
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 3:15 pm
    Location / Room: Keynote Theater

    The cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.

    2:30 pm
    Threat Intelligence Made Easy—from IP to APT
    • session level icon
    speaker photo
    Threat Intelligence Consultant, North America West, Recorded Future
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 3:15 pm
    Location / Room: 404

    With Recorded Future, organizations of any maturity or size can implement threat intelligence into their processes and receive value. This session walks through how to do this, from enrichment and detection rules in integrations, efforts to make the product easier to use and have fewer clicks to actionable intelligence, to an advanced query builder and in-depth research from the Insikt Group.

    3:15 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    3:45 pm
    The CISO's Journey to a Board Position
    • session level icon
    speaker photo
    Board Member, Cybersecurity Leader, Angel Investor
    Registration Level:
    • session level iconConference Pass
    3:45 pm - 4:30 pm
    Location / Room: 406

    CISOs often make solid contributors to boards—be it with public or private companies of varying sizes, non-profits, or with organizations with a cause that is near and dear to their heart—but lots of thought must go into the journey to becoming a board member.

    Takeaways from this session will include:

    • Answering the questions, “Is board work something I want to do?” and “Is it something that plays to my strengths?” (Board positions are typically for CISOs with a knack for governance and big-picture thinking; not for the super technical, for instance.)
    • What every CISO needs to do to prepare to become a board member; it’s a multi-year journey (taking our speaker five years to achieve).
    • You’re ready, you have the experience, so what do you need to do next? (Such as networking and preparing a board bio, which is very different from a resume.)
    3:45 pm
    [PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
    • session level icon
    Part 2: Privacy by Design & by Default: The Legal & Policy Requirements
    speaker photo
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 403

    Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.

    Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.

    The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.

    The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.

    4:00 pm
    Happy Hour
    • session level icon
    Sponsored by Team Cymru
    Registration Level:
    • session level iconOpen Sessions
    4:00 pm - 5:30 pm
    Location / Room: Rainier Terrace (4th Floor)

    Join your peers for conversation and complimentary beer, wine, and soda. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.

    Generously sponsored by:

  • Thursday, November 10, 2022
    7:00 am
    Registration open
    Registration Level:
    7:00 am - 4:30 pm

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
    • session level icon
    Part 3: Operationalizing Privacy by Design & by Default
    speaker photo
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 403

    Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.

    Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.

    The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.

    The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    8:00 am - 4:30 pm

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Washington State InfraGard Chapter Meeting
    • session level icon
    Discussion Topic: Maelstrom of Security
    speaker photo
    CEO & Founder, Center for Threat Intelligence
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:50 pm
    Location / Room: Keynote Theater

    This session is designed for individuals responsible for their organizations’ Confidentiality, Integrity, and Availability—from the front door firewall administrator with IDS/IPS, Cloud, compliance and governance, and networking all the way to the Chief Executives of an organization. In a world of ever-changing threat landscape, this session will cover the overall magnitude of the challenge, the evolution as it took place, and what to do about fixing it with what is in our hands today. Discussing throughout how to speak to the C-Suite and get the business side of the conversation to move forward with better security hygiene. The question of how much security is enough will be answered. This session is truly about information security risk. The risk is Very High to all organizations. The NIST 800-30 defines Very High Risk as that of a threat event that could be expected to have multiple, severe, or catastrophic adverse effects on organizational operations, organizational assets, individuals, other organizations, or the Nation. The topics will be open and free flowing, discussing real-world business issues with the ability to ask questions.

    9:00 am
    [Opening Keynote] BEC Attacks, Crypto, and the Investigative Powers of the Secret Service
    • session level icon
    speaker photo
    Financial Analyst (Forensics), United States Secret Service - San Francisco Field Office
    speaker photo
    Incident Response & Data Privacy Compliance Attorney, Octillo Law
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater
    9:45 am
    Networking Break
    Registration Level:
    9:45 am - 10:15 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:15 am
    Encryption and Quantum Computing - Breaking It Down
    • session level icon
    speaker photo
    Security & Privacy Information Systems Leader, Philips
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am
    Location / Room: 405
    This presentation will discuss the current state of encryption and why it won’t be sufficient in the world of Quantum computing. We will look at the life of data and why current encryption models will not be able to meet the life expectancy of the data, which is a measure of how strong your company’s encryption needs to be. We will also look at legacy data that is encrypted at rest and why it is also at risk, and why redoing the encryption of this data using newer encryption models may become mandatory in order to safeguard your data.
    10:15 am
    Security Awareness: Best Practices and Use Cases
    • session level icon
    speaker photo
    Head of Information Security, Prosper Marketplace
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am
    Location / Room: 406

    Session description to come.

    10:15 am
    Multi-Cloud Security: It's Not as Difficult as You May Think
    • session level icon
    speaker photo
    Field CISO, Oracle
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:00 am
    Location / Room: 404

    Cloud providers have a stake in getting you to use as many of their native services as possible as they all want to capture as much of your cloud spend as possible.  This is certainly true for their core IaaS and PaaS services but is also true when it comes to the security services they offer.  The major cloud providers all offer a range of native security services that can be leveraged to help you secure the workloads you have on that platform.  But let’s face it, most organizations don’t use just a single cloud provider.  So, while these services all do a good job for their platform, they are different from the tools you are currently using to manage your on-premises environment, and they are different from each other.  This can lead to inefficiencies in your security operations model if you elect to use the cloud native security services for each of your providers.  These inefficiencies include duplication of effort and cost; increased staff training time and cost; need for more staff, and most importantly; disparate views of the security posture across your on premises and cloud environments.

    Key session takeaways will include:

    • Strategies for leveraging cloud native tools to your best advantage
    • Integrating cloud tools into your sec ops tools and processes
    • A look at the new gen CSPM tools and how they can help
    11:10 am
    Cyber Insurance for IT Professionals
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am
    Location / Room: 405
    Although everyone needs cyber insurance, it’s getting more difficult for anyone to get a policy. At the same time, insurance companies are requiring more and more controls, like multifactor authentication (MFA) and endpoint detection and response (EDR). Not only that, but an IT person often has to complete and sign parts of the complex insurance application. This course will explain why cyber insurance is entering the IT professional’s world and how you can help your organization get the policy it needs.
    11:10 am
    Is Your Defensive Stack Ready for a Targeted Attack?
    • session level icon
    speaker photo
    Sr. Sales Engineer, Pentera
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am
    Location / Room: 404

    This session will focus on automated security validation. Organizations over the years have been following a defense in depth model to protect their critical assets.

    While this strategy makes sense, the tools, processes and procedures surrounding this initiative have grown significantly.
    How confident can organizations be that each layer and the enormous effort undertaking is working effectively?

    Walk away from this session with a better understanding of how continuous security validation, with real life attacker tactics and techniques, will help an organization assure their security readiness across their complete attack surface.

    11:10 am
    Improved Security that Is Recession Friendly and Cost Effective
    • session level icon
    speaker photo
    Vice President - Security Strategy, Infoblox
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am

    While the future economic impact on IT budgets is unclear, one thing is clear: attackers will not slow down and may even ramp up knowing organizations are considering lowering IT and cybersecurity spend. It is clear enterprise security is of extreme importance and making investments stretch is going to become essential. Core network services you already have in place, including DNS, DHCP and IPAM (IP Address Management), are often overlooked in the cybersecurity world but can become the most powerful weapon against attackers. During this session, you will learn how to leverage existing services to:

    • Reduce the burden on existing security investments, extending their capacity and lifespan
    • Combat up to 92% of malware and ransomware without new security tools
    • Decrease SecOps investigation time by up to 60%
    • Improve your security posture, lowering cyber insurance costs
    12:00 pm
    [Lunch Keynote] Cybersecurity Collaboration: A Vital Component to U.S. Cyber Resilience
    • session level icon
    speaker photo
    Director, Region 10, DHS Cybersecurity and Infrastructure Security Agency (CISA)
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater
    The threats against our national cyber defenses are growing increasingly sophisticated and resourced. To adequately protect networks and information, government and industry must utilize their collective strengths, combine their talents, and work together to share threat information and best practices.
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    speaker photo
    Principal Member of Technical Staff, AT&T
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: 402

    Advisory Council – VIP / INVITE ONLY

    12:45 pm
    Networking Break
    Registration Level:
    12:45 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    CISOs Are from Mars, Board Members Are from Venus
    • session level icon
    Lessons Learned from Previous Board Interactions
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm
    Location / Room: 404
    Hear lessons learned from the trenches on how to effectively communicate with a board and your executive leadership. This session shares missteps and mistakes, providing strategies to help tell a powerful story to: 1) inform and educate; 2) influence a decision; and 3) inspire action.
    1:15 pm
    Navigating Insurance with Risk Management and Zero Trust
    • session level icon
    speaker photo
    Technical Sales Engineer, Trend Micro
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 406

    Explore the main factors to conquering today’s insurance demands for corporate infrastructures. Explore Risk Management through innovative cybersecurity technologies such as XDR and how SOC/Operation teams can get involved in maintaining a secure framework. C-Level guests will explore Zero Trust concepts and what they can do to align with this cybersecurity model today in their own organization. All teams will gain insight on threats that challenge the cybersecurity models of the recent past and present.

    1:15 pm
    [Panel] Incident Response!
    • session level icon
    speaker photo
    Solution Engineer, Red Canary
    speaker photo
    Sr. Systems Engineer, Code42
    speaker photo
    CISO, AAA Washington
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors looming. As we emerge from the pandemic, now is the time to focus and adjust your Incident Response plan. There is a new set of tools and technologies helping squash attacks, but what happens when they fail? What’s in your IR plan that addresses the unknown, and how are your preparing? What has worked and what has not? Join our panel of experts in a valuable discussion focusing on current threats and how your company can be better equipped during these unprecedented times.

    2:30 pm
    Insider Threat: Within Your Walls
    • session level icon
    Adversary Strategies to Infiltrate Your Organization
    speaker photo
    CEO & Founder, Center for Threat Intelligence
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 3:15 pm
    Location / Room: 405

    A storm is gaining strength — you don’t know when it will hit, but you know it will. Your adversaries have been planning, studying and waiting. They seek out their best targets to persuade, bribe, extort or send in one of their own. They know your processes, your weaknesses, your strengths and, importantly, what assets you have that they want. It is time to change the game. This course gives you critical knowledge to understand and identify your adversary’s tradecraft to create insiders. In addition, you will learn to identify signs and motivations that may convert loyal employees to dangerous insiders. There is hope. While you can’t convince people not to be insider threats, you can inspire your people to be loyal. Learn how!

    Participants will gain awareness of adversarial tactics, understand signs of the potential “unwitting” insiders and understand core psychological motivations and needs of an insider threat.

    2:30 pm
    Zero B.S. Guide to Zero Trust
    • session level icon
    speaker photo
    Certified Ethical Hacker & Principal Architect, Cybersecurity
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 3:15 pm
    Location / Room: 404
    Get a pragmatic take on Zero Trust, what it is and why it’s important, why everyone is advertising solutions for it, how to create a strategy, and how to get started on the journey.
    3:15 pm
    Networking Break and Dash for Prizes
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 3:45 pm

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    Human Beings in Cyber
    • session level icon
    speaker photo
    Executive Director, Center for Information Assurance and Cybersecurity, University of Washington
    speaker photo
    Lead Instructor, Certificate in Risk Management, University of Washington
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 4:30 pm
    Location / Room: 406

    Technology is made up of machines. Businesses are made up of people.

    This session concentrates on what competencies and experiences people need to snag entry-level positions and achieve mastery in cybersecurity. The presenters discuss the need for ethics and moral character and introduce the “Rule and Tools” model to tackle any workforce role. They discuss the effectiveness of “collaboratories”—online, immersive environments to exponentially increase regional capability. Additionally, the presenters highlight how to evolve from a 1:1 relationship to a 1:many approach to advance your ability to excel in the culture of the internet.

    3:45 pm
    [PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
    • session level icon
    Part 4
    speaker photo
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 403

    Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.

    Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.

    The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.

    The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.

Exhibitors
  • Adaptiva
    Booth: 560

    Adaptiva’s unrivaled solutions empower complex, enterprise IT teams to manage and secure endpoints with unparalleled speed at massive scale. They eliminate the need for a vast IT infrastructure and automate countless endpoint management tasks for many of the world’s largest organizations and government agencies.

  • Armis, Inc
    Booth: 610

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • AuditBoard, Inc
    Booth: 195

    AuditBoard is the leading cloud-based platform transforming how enterprises manage risk. Its integrated suite of easy-to-use audit, risk, and compliance solutions streamlines internal audit, SOX compliance, controls management, risk management, and security compliance. AuditBoard’s clients range from prominent pre-IPO to Fortune 50 companies

    looking to modernize, simplify, and elevate their functions. AuditBoard is the top-rated audit management and GRC software on G2, and was recently ranked for the second year in a row as one of the 100 fastest-growing technology companies in North America by Deloitte.

  • BeyondTrust
    Booth: 160

    BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.

    The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. We are trusted by 20,000 customers, including 78 of the Fortune 100, and a global partner network.

  • BlackBerry Cylance
    Booth: 430

    Cylance technology powers BlackBerry cybersecurity, providing customers endpoint security that proactively detects malware and prevents cyberattacks from happening.

    Protect your organization with a modern unified endpoint security solution. Our end-to-end approach to cybersecurity is deeply rooted in Cylance® AI and machine learning, providing enhanced visibility and protection against current and future cyberthreats.

  • BlueVoyant
    Booth: 530

    At BlueVoyant, we recognize that effective cybersecurity requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem.

    Accuracy. Actionability. Timeliness. Scalability.

  • Carbonite and Webroot, OpenText Security Solutions
    Booth: 140

    Carbonite and Webroot, OpenText Security Solutions, provide comprehensive cyber resilience solutions so businesses can stay up and running in the face of cyberattacks and data loss. Together we offer security, data backup and recovery, and threat intelligence services used by leading vendors worldwide. Learn more at carbonite.com and webroot.com.

  • Check Point Software Technologies Inc.
    Booth: 410

    Check Point Software Technologies Inc. is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cloud Security Alliance Seattle
    Booth: 520

    The Greater Seattle Chapter of the Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing in the Pacific Northwest, and provide education on the uses of Cloud Computing to help service providers and customers be secure in the Cloud.

    The Greater Seattle Chapter began in late 2010, led by Vivek Bhatnagar and Marc Pinotti, with our first Chapter Meeting held March 24th 2011.  Our membership since then has grown to include corporate sponsors and over 1100 executive and senior level security, compliance, and IT professionals from throughout the entire Pacific Northwest, Western Canada, and Alaska.

    The Chapter provides a venue for our Members to network, share ideas and research, as well as educational opportunities through quarterly seminars and monthly Chapter meetings that feature presentations by industry experts about Cloud issues, security, and technology.

  • Cisco / Kenna Security
    Booth: 240

    We pioneered risk-based vulnerability management, and now we’re doing the same for Modern Vulnerability Management. What is Modern Vulnerability Management? It’s a new model for managing the right level of risk for your business. It provides clear prioritization based on real-time threat and exploit intelligence, and uses those insights to deliver guidance unique to your environment. And it eliminates the friction between Security and IT teams about what to patch, and when. So you can save time, money and resources—and keep your teams efficiently focused on reducing the biggest risks to your business.

  • Cloudflare
    Booth: 400

    Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

    Secure your websites, APIs, and Internet applications.
    Protect corporate networks, employees, and devices.
    Write and deploy code that runs on the network edge.

  • Code42
    Booth: 210

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Critical Start
    Booth: 360

    Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.

  • Cymulate
    Booth: 570

    Cymulate SaaS-based continuous security validation makes it simple to measure and improve your security posture across the full attack kill-chain. Every assessment is scored and includes actionable remediation guidance to mitigate risk and optimize security control effectiveness. Cymulate enables you to take data-driven decisions and manage your security resources efficiently.

  • Cyral
    Booth: 200

    Cyral delivers enterprise data security and governance across all data services such as S3, Snowflake, Kafka, MongoDB, Oracle and more.

    The cloud-native service is built on a stateless interception technology that monitors all data endpoint activity in real-time and enables unified visibility, identity federation and granular access controls.

    Cyral automates workflows and enables collaboration between DevOps and Security teams to operationalize assurance and prevent data leakage.

  • DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 10
    Booth: 620

    Through CISA’s efforts to understand and advise on cyber and physical risks to the Nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, physical and communications security, and, in turn, strengthen national resilience.

    Led by Regional Director Patrick J. Massey, based in Seattle, Washington, CISA’s Region 10 staff provides cybersecurity, physical infrastructure security, chemical security, and sector outreach services to 271 Tribal Nations and the following states: Alaska, Idaho, Oregon, and Washington.

    Region 10 personnel carry out CISA’s five priorities:

    • Improve supply chain security against cyber threats from malicious actors and the rollout of 5G technologies;
    • Harden federal networks (the civilian .gov domain);
    • Reduce risk at soft targets;
    • Enhance election security; and
    • Protect critical infrastructure that includes industrial control systems and the processes that provide vital services in critical infrastructure.
  • Endace
    Booth: 450

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Expel
    Booth: 340

    Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.

  • Google Cloud
    Booth: 150

    Google Cloud provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.

  • Halcyon, Inc
    Booth: 630

    Halcyon is a cybersecurity company building products that stop ransomware from impacting enterprise customers. Halcyon’s core platform offers layered ransomware protection that combines pre-execution detection, behavioral modeling, deception techniques and, if all else fails, resiliency, recovery and isolation of impacted nodes. To learn more and get a demo, contact us today.

  • Illumio
    Booth: 170

    We built the Illumio Adaptive Security Platform (ASP)™ to provide unprecedented visualization and control of enterprise applications. Our system constantly inspects and adapts to the computing environment it is protecting, without pause.
    Moreover, since 75 percent of computing interactions never leave the data center, our customers can now have complete visibility behind the firewall, whether it is running in their data center or the vibrant public cloud services of Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, and many others.

  • Washington State InfraGard
    Booth: 540

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State and over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • Infoblox, Inc
    Booth: 180

    Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.

  • InGuardians, Inc
    Booth: 420

    InGuardians, Inc. is an independent information security consulting company providing high-value services. Our specialties include Red Team Penetration Testing, Hardware and Application Security Assessments, Threat Hunting, Security Architecture Reviews, ICS and IIoT Security, Kubernetes and Public Cloud Security, Incident Response, Custom Training, and more.
    InGuardians strives to assemble the best and the brightest minds in information security. Our aim is to channel the collective talents of our team in providing actionable business-focused information security consulting.

    Established in 2003 by industry veterans, InGuardians brings technical experience and business acumen to your projects. Our information security professionals have authored tools, books, testing frameworks, and training programs.

  • ISACA Puget Sound Chapter
    Booth: 500

    The aim of the Chapter is to sponsor local educational seminars and workshops, conducts regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area.

    The association is one of individual members who are practitioners of information systems auditing, security, risk, and/or governance in his or her organization. The membership of the ISACA reflects a multiplicity of backgrounds and skills that make our profession challenging and dynamic.

    This chapter is run by volunteers who are ISACA members nominated and elected through an established process. Please contact us if you are interested in serving on the board.

  • ISSA Portland
    Booth: 520

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity, and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved. Members include practitioners at all levels of the security field in a broad range of industries such as communications, education, healthcare, manufacturing, financial, and government.

  • ISSA Puget Sound Chapter
    Booth: 520

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Keysight
    Booth: 460

    Keysight works with innovators to push the boundaries of engineering to design, emulate, test, and deliver breakthrough electronics. Whether you’re looking to improve product experiences, optimize and secure your network, or get a head start on technologies like 5G, 6G, electric or autonomous vehicles, IoT, or quantum, Keysight accelerates innovation with intelligent insights built on the most accurate measurements to reduce risk and speed time-to-market. Forge ahead with confidence knowing your new technologies have been designed and tested for our increasingly connected and dynamic world.

  • Mimecast
    Booth: 310

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Netography
    Booth: 470

    Netography is the only company that delivers Security for the Atomized Network. In the Atomized Network, applications and data are scattered across a complex environment consisting of multi-cloud, on-premise, and legacy infrastructure, all being accessed by increasingly mobile and remote workers.

    Netography Fusion®, a pure SaaS, universal platform, provides a single view of complete network visibility for real-time and retrospective attack detection across your entire footprint. Empowering enterprises with full visibility and control, Fusion provides custom threat detections, cloud and network visibility, and threat hunting. No hardware, no software, and nothing to deploy–with time-to-value within minutes.

  • Open Systems
    Booth: 190

    The escalated threat level, the cyber talent shortage, and the sheer complexity of deploying and managing a multitude of security solutions, are the perfect storm for security and IT teams. We are deeply passionate about protecting organizations from that storm.

    We provide a set of AI-based, cloud-delivered security solutions that are simple to deploy and manage, and provide the highest level of protection. And Mission Control, our integrated NOC and SOC, is staffed by experts, not only in threat hunting and cyber hygiene, but also in the proper configuration and maintenance of the Microsoft security stack. So we can leverage what you already own.

    The combination is changing the lives of our customers, giving them security traditionally reserved for only the largest organizations. We give them “shelter from the storm”. That is our passion.

  • One Identity
    Booth: 640

    Turn security from the practice of denial and restriction to the utopia of enablement and transformation with the One Identity family of IAM solutions for access management, identity governance, and privileged account management on prem and in the cloud.

  • Pentera
    Booth: 330

    Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale.

    Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited.

  • Polarity
    Booth: 255

    Polarity was founded by former intelligence officers and incident responders who built a solution for the challenge they saw cybersecurity teams facing everywhere: knowledge and data is spread across disparate systems, which results in teams making bad decisions based on incomplete comprehension. Our founders didn’t want to create just another tool, but a system that fuses all of your disparate data, tools, and knowledge into one unified view.

    We set out to empower our users to spend their time solving problems instead of making endless searches. Some of the world’s largest financial institutions jumped on board as early customers when Polarity was in closed beta and now we are expanding rapidly across industries. Today, Polarity’s enterprise platform not only supports cybersecurity teams, but use cases including IT Helpdesk, HR, and far beyond. We hope you share our vision of a world with less search and better decisions, and decide to join our team or user community.

  • Proofpoint
    Booth: 120

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Recorded Future
    Booth: 230

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • Red Canary
    Booth: 110

    Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attacks. As a security operations ally, we arm businesses of all sizes with outcome-focused solutions to quickly identify and shut down attacks from adversaries. Security teams can make a measurable improvement to security operations within minutes.

  • ReliaQuest
    Booth: 100

    ReliaQuest fortifies the world’s most trusted brands against cyber threats with its platform for proactive security model management. Acting as a force multiplier on an organization’s existing cybersecurity investments, only ReliaQuest’s GreyMatter integrates disparate technologies to provide a unified, actionable view that fills the gaps in enterprise security programs.

  • runZero
    Booth: 260

    runZero provides an asset inventory and network visibility solution that helps organizations find and identify managed and unmanaged assets connected to their networks and in the cloud. Powered by our research-driven model for fingerprinting, runZero can uncover areas of your network you didn’t even know you had. No credentials needed.

  • Security Journey
    Booth: 550

    HackEDU’s spring 2022 acquisition of Security Journey brings together two powerful platforms to provide application security education for developers and the entire SDLC team. The two officially became one in August 2022 and are now Security Journey. Two platforms, one path to build a security-first development culture.

  • SentinelOne
    Booth: 600

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • Tanium
    Booth: 250

    Tanium was founded to deliver a new and innovative approach to endpoint management and security that delivers instant visibility and responsiveness that does not slow down as the enterprise environment scales. Tanium is empowering the largest enterprises in the world to gather critical information globally from every endpoint and drive remediating action in seconds, including the distribution of patches, applications, and tools – all from a single server.

  • Team Cymru
    Booth: 300

    Team Cymru’s mission is to save and improve human lives.  We are unrivalled across three disciplines; digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.

    Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.

    Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.

    Since 2005, our reputation remains unchallenged.

  • TechTarget
    Booth: N/A

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth: 440

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Trend Micro
    Booth: 220

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • UpGuard
    Booth: 510

    UpGuard is the best platform for securing your organization’s sensitive data. Our security ratings engine monitors millions of companies and billions of data points every day.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Aradhna Chetal
    Managing Director, Cloud Security, TIAA
  • speaker photo
    Shawn Harris
    Sr. Director, Information Security & Compliance, Chipotle Mexican Grill
  • speaker photo
    Sean Updegrove
    Director, Asset Protection, BECU
  • speaker photo
    Instructor Jordan Fischer
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law

    Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • speaker photo
    Moderator Frank Simorjay
    Distinguished Fellow, ISSA

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com).

  • speaker photo
    Lisa Plaggemier
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • speaker photo
    Chris Corde
    Director, Product Management, Security, Google
  • speaker photo
    Steven Fox
    Deputy CISO, State of Washington
  • speaker photo
    Rachelle Goddin
    Threat Research Analyst, Team Cymru

    Rachelle joined the S2 Team having been a senior threat intelligence researcher analyst at one of the world's biggest retail brands, Nike. She specializes in e-crime and Russian threat actor tracking. In her free time, she enjoys frustrating baddies as a member of the Cryptolaemus group.

  • speaker photo
    Jake Bernstein, Esq.
    Partner - Data Protection, Privacy & Security Group, K&L Gates LLP

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Jane E. Petoskey, Esq.
    Associate - Data Protection, Privacy & Security Group, K&L Gates LLP

    Jane E. Petoskey is an associate at the firm's Seattle office. She is a member of the Technology Transactions practice group, and primarily services clients under the Data Protection, Privacy, and Security focus area. Jane is also a Certified Information Privacy Professional in the United States (CIPP/US) and Certified Information Privacy Manager (CIPM), and is a Fellow of Information Privacy (FIP).

    Prior to joining the firm, Jane served as a technology transactions and data privacy associate attorney at the Seattle office of an AmLaw 100 firm. Through this role, Jane regularly advised clients of all sizes and industries through privacy and data security matters, including counseling on compliance with domestic and international privacy and data security laws and regulations, including the CCPA, COPPA, GLBA, HIPAA and HITECH, and GDPR.

  • speaker photo
    William Lidster, PhD
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization.  William has been with AAA Washington since August of 2017. Other roles that William serves in the company includes coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University.
    William completed his Bachelor of Science in Computer Science from the US Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that he also served as the regional Chief Information Security Officer for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the US Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

  • speaker photo
    Solomon
    Security, Cyral

    Solomon has over 20 years' experience as a security leader at such companies as Microsoft, IBM, VMware, and Facebook.

  • speaker photo
    Tony Steffe, CISSP
    Sr. Systems Engineer, Illumio

    With over twenty years of leadership experience across technology, risk, cybersecurity, and compliance, Tony Steffe, serves as a Senior Systems Engineer at Illumio and is a Certified Information Systems Security Professional (CISSP). Prior to becoming a Systems Engineer, Tony was a network engineer and IT Project Manager for a Fortune 500 company and a number of mid-sized organizations.

  • speaker photo
    Michael Roytman
    Chief Data Scientist, Kenna Security (a Cisco company)

    Michael Roytman is a recognized expert in cybersecurity data science. At Kenna Security, Michael is responsible for building the company's core analytics functionality focusing on security metrics, risk measurement, and vulnerability measurement.

    Named one of Forbes' 30 Under 30, Michael's strong entrepreneurship skills include founding organizations such as Dharma Platform, a cloud-based data management platform, and TruckSpotting, a mobile app for tracking food trucks. He also serves on the board of Cryptomove, a moving target data protection startup. In addition, Michael chairs the Board of Dharma Platform, is a board member and the program director at the Society of Information Risk Analysts (SIRA), and is a co-author of the Exploit Prediction Scoring System (EPSS).

    Michael is a frequent speaker at security industry events, including Black Hat, BSides, Metricon, RSA, SIRACon, SOURCE, and more. Michael holds a Master of Science in Operations Research degree from Georgia Institute of Technology.

  • speaker photo
    Moderator Peter Gregory
    Sr. Director, Cyber GRC, General Communications, Inc. (GCI)
  • speaker photo
    Chris Hills
    Chief Security Strategist, BeyondTrust

    Christopher L. Hills has more than 20 years’ experience as a Technical Director, Senior Solutions Architect, and Security Engineer operating in highly sensitive environments. Chris is a military veteran of the United States Navy and started with BeyondTrust after his most recent role leading a Privileged Access Management (PAM) team as a Technical Director within a Fortune 500 organization. In his current position, he has responsibilities as a Chief Security Strategist (America’s) working with Customer, Marketing, and Executives on Thought Leadership, Market Trends, Company Vision and Strategy reporting to the CSO. Chris has held the Deputy CTO and Deputy CISO role since starting with BeyondTrust. Chris is also co-author in the recently released Cloud Attack Vectors book. In his free time, Chris enjoys spending time with his family on the water boating, supporting his son’s football career as a senior, going to the sand dunes and offroading.

  • speaker photo
    Roger Brassard
    Sr. Product Manger for Email Threat Protection, Carbonite and Webroot, OpenText Security Solutions

    Roger is a 22-year veteran product manager who specializes in capturing customer and partner concerns, staying abreast of industry trends including regulatory changes, and translating that information into cross-functional development teams to solve the cybersecurity business problems of today and tomorrow. At OpenText Security Solutions, he and his team are focused on quality and efficacy to continuously evolve our Advanced Email Threat Protection and Email Continuity Service solutions, equipping customers and partners with security solutions that are needed in today's continuously evolving threat landscape.

  • speaker photo
    Dan Mihaylov
    Solutions Engineering Manager, Proofpoint
  • speaker photo
    Dan Conrad
    AD Security and Management Team Lead, One Identity

    Dan Conrad is AD Security and Management Team Lead for One Identity. He has been with Quest since 2007, where his roles have included Solutions Architect, Federal CTO, and IAM Strategist. He is an experienced sysadmin, having administered organizations ranging from 10,000 to 150,000 users. Dan holds a BS in Information Systems Management from Wayland Baptist University, an MS in Cybersecurity from Western Governors University, and many certifications, including CISSP, CEH, MCITP, and MCSE/MCSA.

  • speaker photo
    Moderator Craig Spiezle
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the Founder and President of AgeLight Advisory & Research Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Kevin Murphy
    Business Information Security Officer (BISO), T-Mobile USA

    Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, a retired NSA intelligence officer, the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by myself). He holds the CISM, CISSP, CGEIT security certifications.

  • speaker photo
    Michael Nikitin
    CTO & CISO, AIDA Healthcare

    Passionate product leader with the focus on solving real-life problems with smart technology. An advocate of the user-friendly, a simple intuitive interface and UX-driven design approach.

  • speaker photo
    Jay Beale
    CEO & CTO, InGuardians, Inc.

    Jay Beale is CTO and CEO for InGuardians. He works on Kubernetes, Linux, and Cloud-Native security, both as a professional threat actor and as an Open Source maintainer and contributor. Jay is a member of the Kubernetes project and previously co-led the project’s Security Audit Working Group. He's the architect of the Peirates attack tool for Kubernetes and the Bustakube CTF Kubernetes cluster. In the distant past, he created Bastille Linux, a lockdown tool that introduced a vital security-training component, and the Center for Internet Security’s Linux scoring tool, both used by hundreds of thousands. Since 2000, he has led training classes on Linux & Kubernetes security at the Black Hat, RSA, CanSecWest and IDG conferences, as well as in private training.

  • speaker photo
    Chris Staley
    MDR Specialist, Open Systems

    Chris Staley is a cybersecurity specialist at Open Systems and advisor to enterprise security and technology leaders. He has over a decade of experience in enterprise technology, secure networking and emerging security services like SASE and XDR. His experience ranges from working with small and medium businesses to large global enterprises, helping them to modernize network and security practices via multivendor strategies and managed services.

  • speaker photo
    Dan Whalen
    Principal Researcher Engineer, Expel

    Dan is a Principal Research Engineer at Expel, a 24x7 security operations platform. With nearly a decade of experience in security operations at scale, he's been exposed to a ton of different environments, unusual attacks, and challenging security problems. Lately, he's been focused on helping organizations protect their cloud and containerized infrastructure.

  • speaker photo
    Mark Hamilton
    Enterprise Sales Manager, Cloud, SentinelOne

    Mark Hamilton is a Cloud Sales Manager for SentinelOne based in the Seattle area. His long selling career has included time with HP, Cisco, F5, and Palo Alto Networks. In this current role, he facilitates cloud security discussions between clients, partners, and sales teams.

  • speaker photo
    Arien Seghetti
    Director of Solution Architecture, Cymulate

    Arien Seghetti is an Industry veteran with 20 plus years of experience in cybersecurity, starting out his career serving in the US Air Force for six years to now Director of Solutions Architects at Cymulate. Having worked on all 7 continents, he has a global view of IT and security across all verticals. Though Arien calls the Greater Atlanta area home, he has spoken all over the US on many forums, covering topics such Cloud Security, Zero Trust, Tools rationalization, SecOps Evolution, Network Automation, and Moving from the Endpoint to Identity. Serving in multiple theaters of combat for over 20+ years, whether in uniform or on Gov contract supporting, has given him a unique perspective on cybersecurity warfare, such as the ability to architect and deploy defenses in cyber that mirror the real world. Arien worked high level commands to develop multi-year strategies for many government agencies to reduce and focus the security tool sprawl and establish standards and templates to be used across all agencies.

  • speaker photo
    Moderator Frank Simorjay
    Distinguished Fellow, ISSA

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com).

  • speaker photo
    Asher Bergman
    Threat Intelligence Consultant, North America West, Recorded Future

    Asher is a consultant with a broad set of expertise in SaaS customer success, intelligence analysis and strategy, and stakeholder management. Before his current role, he was an analyst working within this ambiguous, expansive idea of risk: financial risk, security and cyber risks, reputational risks, etc. He's fully embraced this concept in his current role, where he diagnoses his customers' threat intelligence and risk assessment needs, works with internal stakeholders to develop his products to provide that intelligence, and anticipate future trends to further improve his technology and deepen his relationships, both with customers and our external partners.

  • speaker photo
    Vanessa Pegueros
    Board Member, Cybersecurity Leader, Angel Investor

    Vanessa is a cybersecurity leader with over 16 years of security experience. She is currently serving on the Board of Carbon Black (CBLK) and BECU. She also is a venture partner with Flying Fish Partners in Seattle. Vanessa formally worked as the CISO at DocuSign and successfully managed through hyper growth and an IPO in 2018. She also was the SVP of Enterprise Security at US Bank, CISO at Expedia, and has held senior level security roles with Washington Mutual, Cingular, and AT&T Wireless. She has held numerous other roles specifically within the wireless arena, including Network Planning, Architecture & Engineering, Technical Sales, and Product Development.

    She has an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, and a BS in Engineering from UC Berkeley. She holds GSEC, CRISC, CISM, and CISSP security certifications, as well as the Certified Information Privacy Professional Europe (CIPP/E) privacy certification.

  • speaker photo
    Instructor Jordan Fischer
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law

    Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • speaker photo
    Happy Hour
  • speaker photo
    Instructor Jordan Fischer
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law

    Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • speaker photo
    Janet Lawless
    CEO & Founder, Center for Threat Intelligence

    Janet is CEO and Founder of Center for Threat Intelligence. Janet established a team of intelligence experts to build a cutting-edge holistic threat intelligence program including assessments, consulting and training. Janet’s former leadership roles at Microsoft and Cisco, creating and managing global programs focused on compliance and security, in addition to her work at a cyber-security start-up, brings a wealth of knowledge in security services. Janet is currently the Chair for ASIS International Puget Sound Chapter, and former Committee Chair for Women in Security. She is Chair Emeritus for the Pacific Coast Analyst Roundtable and a former Board Member for the American Red Cross. She is also a member of InfraGard, the United States Secret Service Cyber Fraud Task Force and the Washington State Fusion Center.

  • speaker photo
    Andrew Frey
    Financial Analyst (Forensics), United States Secret Service - San Francisco Field Office

    Andrew is a Forensic Financial Analyst with the U.S. Secret Service’s San Francisco Field Office. Andrew is currently assigned to San Francisco’s Digital Assets team, where he investigates crimes involving cryptocurrency and other digital assets. Andrew’s background includes large scale criminal investigations involving a wide range of cyber-enabled fraud, including business email compromises, romance scams and embezzlement, as well as complex money laundering schemes. Andrew is also a certified network intrusion responder, specializing in the investigation of Business Email Compromises. Prior to joining the U.S. Secret Service, Andrew spent nearly 15 years at Bank of America, the majority of which was spent on the Bank’s Financial Crimes Investigations unit where Andrew led investigations involving money laundering and organized crime.

    Andrew’s work combatting cyber-enabled fraud and financial crime has resulted in numerous federal indictments against actors both domestic and abroad, and tens of millions of dollars in recoveries for victims of fraud.

  • speaker photo
    Naimah J. Duporte, Esq.
    Incident Response & Data Privacy Compliance Attorney, Octillo Law

    Experienced Data Privacy and Compliance Attorney, with a focus on Incident Response, and data analysis and classification standards. Background in criminal law, European Union law, and international law.

  • speaker photo
    Bruce Lobree
    Security & Privacy Information Systems Leader, Philips

    Bruce Lobree has participated in and managed technical security, technical architecture, audit and consulting, teams as a first level manager up to having Global responsibilities at an executive level managing multi-million programs. He has working experience in government, retail, financial, software and utility industries generating cost effective, client focused security solutions, operational models and programs to meet corporate and regulatory requirements. This has included architecting, designing, individually implementing or managing the implementation of physical and logical security systems and controls for reliability and availability. These programs have dealt with implementing various industry standards and regulatory requirements including HIPAA, SOX, PCI, GLBA and ISO 270001 and other National and International control standards. He has also authored books and taught at the University level.

  • speaker photo
    Varsha Agarwal
    Head of Information Security, Prosper Marketplace
  • speaker photo
    Kurt Hagerman
    Field CISO, Oracle

    Kurt Hagerman is a Field CISO in the North American Cloud Engineering group for Oracle. In this role, he provides cloud security advisory services in support Oracle Cloud Infrastructure and other Oracle cloud-based solutions and applications to C-level executives across multiple industry verticals.

    Prior to Oracle, Kurt served as a CxO Advisor, Cyber Strategy at Coalfire. In this role, he provided strategic cybersecurity advisory services in support of C-level executives of Coalfire customers across multiple industry verticals with a specialization in cloud security strategy. Before Coalfire, Kurt was the Chief Information Security Officer for Armor, a cloud security company, for six years. He stood up Armor’s security and privacy programs including a coordinated compliance program encompassing PCI, HITRUST/HIPAA, SOC 2, ISO 27001, and GDPR.

    Over his 30-year career, Kurt has held a wide range of positions encompassing many IT and security disciplines and has conducted hundreds of security reviews and audits across several industries including the payment space, healthcare, financial services, and higher education. He has spoken and written on information security topics covering cloud security and the payments and health care spaces.

  • speaker photo
    Kip Boyle
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Janet Rae
    Sr. Sales Engineer, Pentera

    Janet joined Pentera in 2022 and has been in sales engineering roles with various network and data security vendors for the last 20 years.

  • speaker photo
    Anthony James
    Vice President - Security Strategy, Infoblox

    Anthony James is a seasoned technology executive with 20+ years of product and marketing experience in the cybersecurity industry. Anthony leads as Infoblox’s VP of Product Marketing and has also held executive leadership roles across a variety of security startups and well-known organizations, including FireEye, Fortinet, Cyphort and TrapX. Anthony holds an associate degree in Computer Science from the Sydney Institute of Technology in Australia, where he began his career before migrating to the San Francisco Bay Area in 1999 to drive innovation within the Silicon Valley.

  • speaker photo
    Patrick Massey
    Director, Region 10, DHS Cybersecurity and Infrastructure Security Agency (CISA)

    Patrick Massey serves as the Regional Director of the DHS Cybersecurity and Infrastructure Security Agency (CISA) Region 10 office in Seattle where he is responsible for assisting private and public sector stakeholders enhance the security and resiliency of critical infrastructure facilities in the states of Alaska, Idaho, Oregon, and Washington.

    Prior to joining CISA in 2016, Mr. Massey served for twenty years with the Federal Emergency Management Agency (FEMA) Region 10 office including as the Director, National Preparedness Division, Regional Integration Branch Chief, Technological Hazards Branch Chief, and as a Hazard Mitigation Specialist. In addition, Mr. Massey served in various operational assignments on numerous disasters throughout the country over his career.

    Prior to joining FEMA, Mr. Massey served as the Assistant State Hazard Mitigation Officer with the Illinois Emergency Management Agency and served as a Planner for a Regional Planning Commission in Illinois.

    Trained as a Nuclear, Biological, and Chemical Officer in the United States Army, Mr. Massey served in a tank battalion in West Germany and in the First Gulf War. Mr. Massey holds several professional certifications to include: CISM, CRISC, and CPP and has earned a B.S. in Electrical Engineering Technology, and an M.S. in Environmental Planning from Southern Illinois University, an M.A. in Security Studies from the Naval Postgraduate School, and an M.A. in Strategic Studies from the United States Army War College.

  • speaker photo
    Moderator Greg MacPherson
    Principal Member of Technical Staff, AT&T
  • speaker photo
    Craig Spiezle
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Scarlett Menendez
    Technical Sales Engineer, Trend Micro

    Scarlett Menendez is a cybersecurity specialist with an expertise in hacking and programming. As a woman in technology, Scarlett utilizes her tenure at Trend Micro to spread awareness on the cyber-threat landscapes of the future and provide guidance on strengthening organizational infrastructures using Trend Micro products. She is the founder of Neural Oceans which is a non-profit initiative that provides Open-Source technology education to public schools of financially impacted communities. As the world transitions into the decentralized space, Scarlett continues to forge new concepts about blockchain threats and protection of within the cyber-community.

  • speaker photo
    David Pier
    Solution Engineer, Red Canary

    David is a Security and Privacy evangelist with over a decade of experience working in the industry. Prior to his work directly on Security, David was an IT Analyst for multiple large enterprise organizations and has experience working in the NOC of a 24/7 environment. When not at his computer, David loves the outdoors, taking any chance to kayak, hike, or camp.

  • speaker photo
    Brad Russell
    Sr. Systems Engineer, Code42

    Brad started his career in IT consulting after graduating from Vanguard University with a B.A. in Business Administration. From there, he moved to Cylance Inc. as an IT Manager/Systems Administrator and later into product development. From Cylance, he went to SentinelOne as a TAM for companies such as Nike and Salesforce, helping shape their endpoint security posture. Checkpoint Inc. came next as a Sales Engineer selling cloud and network security. He is currently a Senior Systems Engineer at Code42, helping companies solve their data protection problems with Incydr, a leading Insider Risk Management SaaS.

  • speaker photo
    Moderator William Lidster, PhD
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization.  William has been with AAA Washington since August of 2017. Other roles that William serves in the company includes coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University.
    William completed his Bachelor of Science in Computer Science from the US Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that he also served as the regional Chief Information Security Officer for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the US Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

  • speaker photo
    Janet Lawless
    CEO & Founder, Center for Threat Intelligence

    Janet is CEO and Founder of Center for Threat Intelligence. Janet established a team of intelligence experts to build a cutting-edge holistic threat intelligence program including assessments, consulting and training. Janet’s former leadership roles at Microsoft and Cisco, creating and managing global programs focused on compliance and security, in addition to her work at a cyber-security start-up, brings a wealth of knowledge in security services. Janet is currently the Chair for ASIS International Puget Sound Chapter, and former Committee Chair for Women in Security. She is Chair Emeritus for the Pacific Coast Analyst Roundtable and a former Board Member for the American Red Cross. She is also a member of InfraGard, the United States Secret Service Cyber Fraud Task Force and the Washington State Fusion Center.

  • speaker photo
    Aryan Taheri
    Certified Ethical Hacker & Principal Architect, Cybersecurity

    Aryan is highly unorthodox and has been a key contributor on multiple disruptive efforts at T-Mobile USA, including BI Retail Dashboards, Managing & Security Mobile Point of Sale Tablets, and SLT devices. He's created T-Mobile's Zero Trust Strategy, and more recently has been tapped to join a select tiger team to deliver MFA Everywhere for Retail.

  • speaker photo
    Barbara Endicott-Popovsky
    Executive Director, Center for Information Assurance and Cybersecurity, University of Washington

    Barbara Endicott-Popovsky, Ph.D., is Executive Director of the Center for Information Assurance and Cybersecurity at the University of Washington, recently re-designated by NSA/DHS as a Center of Academic Excellence in Cyber Defense Education, headquartered at UW Bothell, and a Center of Academic Excellence in Research, headquartered at the APL (Applied Physics Lab). She is a Principal Research Scientist at APL; an Affiliate Professor at UW Bothell’s Department of Computer Science and Systems and UW Seattle’s Department of Urban Planning and Management for the Master of Infrastructure Planning and Management, and adjunct faculty at University of Hawaii Manoa’s Department of Information and Computer Science. She was named Department Fellow at Aberyswyth University Wales (2012). Her academic career follows a 20-year career in industry marked by executive and consulting positions in IT architecture and project management.

  • speaker photo
    Ran Hinrichs
    Lead Instructor, Certificate in Risk Management, University of Washington
  • speaker photo
    Instructor Jordan Fischer
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law

    Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes