googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, November 6, 2024
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework is valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    7:30 am
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 1
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2.  How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast (VIP / Invite only)
    • session level icon
    The Surprising List of CISO Top Concerns
    speaker photo
    CISO, AAA Washington
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:45 am

    Taking a cross-section of recent surveys (ISC2 , Dark Reading, PwC), arguably the top CISO concerns—not “priorities” but “concerns”—are third-party security risks, data manipulation, and burnout. Together, these represent the true CISO-level risks, compared to what’s in the news on a daily basis: AI, ransomware, supply chain and insider risks, cyber warfare, nation-state actors, etc. In this private, closed-door discussion, we challenge whether these three concerns are a correct and complete list, and discuss how/why they differ from those other top CISO priorities. The goal is to walk away with a new-look “to-do list” for your job versus the one with which you walked in.

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    Engaging with and Driving Innovation in the Cybersecurity Startup Ecosystem
    • session level icon
    speaker photo
    Managing Partner, Holly Ventures
    Registration Level:
    • session level iconConference Pass
    8:00 am - 8:45 am

    Security buyers are often inundated with requests from startups to engage in a variety of ways, making it difficult to separate the signal from the noise. What are these startups really looking for from the security community, and how can security executives and practitioners best leverage their roles to mitigate risk within their organizations, contribute to the broader cybersecurity discussion, and further their careers in an ever-changing industry?

    This talk includes a survey of the cybersecurity venture capital world, as well as the variety of ways that security buyers can contribute to and benefit from the complex and innovative worlds of startups and venture capital.

    8:00 am
    WiCyS Western Washington Affiliate Meeting
    • session level icon
    speaker photo
    WiCyS BISO Affiliate
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am
    8:00 am
    Puget Sound ISSA Chapter Meeting [open to all attendees]
    • session level icon
    Cybersecurity Trends and Lessons Learned from Recent Breaches
    speaker photo
    Outreach Director, Puget Sound ISSA Chapter
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am
    8:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] The Hidden Costs of Cybersecurity: Unveiling the True Price of Protection
    • session level icon
    speaker photo
    CISO, REI
    speaker photo
    Global Head of Cybersecurity, Expedia Group
    speaker photo
    SVP & Global CISO, Providence
    speaker photo
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    With cyber threats evolving at an unprecedented pace, organizations are increasingly aware of the need for robust cybersecurity measures. However, the true cost of cybersecurity extends far beyond the visible expenses of software licenses and security personnel. This keynote panel delves into the often-overlooked aspects of cybersecurity that can significantly impact an organization’s bottom line and operational efficiency. The panel explores:

    • The multifaceted nature of cybersecurity costs, beginning with the critical yet often underestimated areas of incident response (IR) readiness and preparedness.
    • The importance of comprehensive business continuity planning, highlighting how inadequate planning can lead to substantial financial losses and reputational damage. The panel cites real-world examples, including the recent CrowdStrike outage, to illustrate the cascading effects of service disruptions on both providers and their clients.
    • The legal aspects of cybersecurity, exploring how regulatory compliance, potential liabilities, and the cost of legal counsel in the aftermath of a breach contribute to the hidden costs of security. Don’t forget the often-underestimated impact of third-party risk and the importance of robust vendor management practices.
    • How to challenge the conventional wisdom of relying heavily on a single security vendor, advocating for a diversified approach that can enhance resilience and reduce dependency risks. The panel also addresses the counterintuitive problem of implementing too many security controls, which can paradoxically slow recovery efforts after an incident and increase operational complexity.
    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    1 + 1 = 3: Strengthening Security & Technology Post Acquisition
    • session level icon
    speaker photo
    CIO, KORE Software
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am

    Anyone in technology who has been through a merger or an acquisition, on either side, has experienced that weight of the deal closing and the reality setting in of truly combining companies. You start meeting people, learning about systems, discovering skeletons in the closet, putting together a plan and, before you know it, 6 months are gone – and nothing has gotten done. This presentation addresses some of the real-world challenges of post-merger integration, defines a framework and best practices for you to follow, and calls out some of the common pitfalls to avoid. Having been through multiple transactions (at one point 3 in a 12-month period), Hoffman hopes to be able to leave attendees with a foundation to not only have a successful integration but come out of the process with a team and technology landscape that is stronger than before.

    10:15 am
    [Panel] Beyond the Single Point of Failure
    • session level icon
    Lessons from Recent Vendor Incidents and Strategies for Resilience
    speaker photo
    Partner - Data Protection, Privacy & Security Group, K&L Gates
    speaker photo
    Board Member, Cybersecurity Leader, Angel Investor
    speaker photo
    CISO, DAT Freight & Analytics
    speaker photo
    Head of Security Engineering & Architecture, DAT Freight & Analytics
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am

    Recent incidents involving major cybersecurity vendors like CrowdStrike and Microsoft have highlighted the critical issue of single-point failures in our digital defense ecosystems. This panel session delves into the aftermath of these events and explores the broader implications for organizational cybersecurity strategies. Our expert panel discusses:

    • The dangers of over-reliance on single vendors: Exploring the risks associated with putting all your security eggs in one basket.
    • Developing a multi-vendor strategy: Balancing the benefits of integrated solutions with the need for redundancy and resilience.
    • Incident response planning: Preparing for vendor-related outages or failures as part of your overall cybersecurity strategy.
    • Future outlook: How the industry might evolve to address these challenges.

    Gain valuable insights into creating more resilient security architectures that can withstand vendor-specific incidents.

    10:15 am
    Unmasking Deception: Harnessing Data Analytics for Robust Fraud Detection and Prevention
    • session level icon
    speaker photo
    Security Advisor, Splunk
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:00 am

    The anti-fraud effort continues to grow in complexity and it requires analytics-based insights. An optimized approach for identification and mitigation is needed. Learn to analyze data at the speed of the business.

    10:15 am
    A New Era of Microsegmentation: Starting Your Zero Trust Journey on the Right Foot
    • session level icon
    speaker photo
    VP, Customers, Zero Networks
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:00 am

    In a traditional Zero Trust journey, microsegmentation is often seen as the final, critical line of defense against lateral movement and ransomware—yet it’s notorious for being daunting and complex. Legacy approaches have earned this reputation—costly, complex, labor-intensive, and slow to implement. However, modern microsegmentation flips this script, offering a powerful, streamlined solution that can be implemented in just 30 days.

    By starting your Zero Trust architecture with automated, agentless and MFA-enhanced microsegmentation, you sidestep the typical pitfalls of legacy methods and lay a strong, secure foundation for your entire security strategy. Discover how to accelerate your Zero Trust journey and avoid roadblocks with microsegmentation done right—right from the start.

    11:00 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    Exploiting People: Phishing, Social Engineering, and Con Artists
    • session level icon
    speaker photo
    BISO & Sr. Director of Security, Salesforce
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am

    We have all heard about Phishing, Spear Phishing, Social Engineering, and various new threats like deepfake videos, and AI voice / video fakes.  We all need to defend against them for sure, but what are they and why do they work?  What are the best ways to stop or reduce these threats and their impact on our lives and our businesses?  This talk discusses the human aspects of con jobs, and how we can catch them or reduce their impact on our businesses and lives.

    11:10 am
    Hacking the Boardroom: How to Secure Their Attention While Securing Your Org
    • session level icon
    speaker photo
    Sr. Director, Security GRC & Data Security, Docusign
    speaker photo
    VP, Head of Internal Audit, Docusign
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am

    Cybersecurity is no longer just an IT issue; it’s a boardroom buzzword. But how do you get the board to care about firewalls and phishing without their eyes glazing over? Enter this session, your crash course in translating cyber-speak into something the C-suite will actually understand (and maybe even enjoy).

    This session breaks down how to turn terrifying tactical tech talk into a blueprint for boardroom brilliance. Learn how to frame cyber threats as business risks, sell the ROI of that new security software, and align your pitch with corporate goals – all without triggering a “404: Audience Not Found” error.

    Prepare for some laughs, a lot of lightbulb moments, and the confidence to make your next boardroom chat a smash hit. Whether you’re a cybersecurity wizard or just trying to avoid a crash-and-burn presentation, this talk helps you bridge the gap between the server room and the boardroom.

    11:10 am
    Zero Trust Microsegmentation: It’s Easier Than You Think
    • session level icon
    speaker photo
    Principle Sales Engineer, CISSP, Illumio
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am

    Regardless of the sophistication of the ransomware, the end goal is always the same: get in through a vulnerability and move laterally through your network. Join this presentation as we help peel back the layers to provide you with simple steps to get started that include:

    • Gaining visibility to where you are the most vulnerable
    • Closing risky ports
    • Leveraging tools you already have in place without adding layers of complexity
    11:10 am
    [Panel] Unveiling the Hidden Threat Landscape and Unmasking Digital Villains
    • session level icon
    speaker photo
    Head of Global Solutions Architects, Google Threat Intelligence
    speaker photo
    Solutions Architect, CyberArk
    speaker photo
    Solutions Manager, West Region, Fortinet
    speaker photo
    COO, Emagined Security
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am

    In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

    Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the ever-expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

    Our panel provides a comprehensive overview of the current threat landscape.

    12:00 pm
    [Lunch Keynote] Drag Racing & Cybersecurity: The Crossover
    • session level icon
    speaker photo
    Associate CISO, St. Luke's University Health Network
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    You’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.

    12:00 pm
    Advisory Council Lunch Roundtable (VIP / Invite Only)
    • session level icon
    Unlocking the Future of Cybersecurity: Strengthening Identity Protection in a Rapidly Evolving Threat Landscape
    speaker photo
    Regional CISO, Okta
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 12:45 pm

    As the level of sophistication in cyberattacks has reached new heights, identity and access management has emerged as a key pillar in safeguarding organizations. This peer-to-peer discussion, moderated by Chris Niggel, Regional CISO at Okta, focuses on how evolving threats are reshaping identity protection and how innovative strategies and technologies are needed in response.

    Come ready to share and explore forward-looking approaches to securing identities and mitigating risks, as well as insights on how to fortify enterprise security in a rapidly changing cyber environment.

    12:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    The CISO-CFO-GC Relationship: Building Trust to Move the Business Forward
    • session level icon
    speaker photo
    COO & CFO
    speaker photo
    CISO & Chief Trust Officer
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:00 pm

    Ask any executive leader and they will underscore how important trust is in the go-to-market motion. Today, CISOs can move beyond traditional risk management to drive strategic value as trust owners and architects. As industries such as technology, healthcare, retail, and aerospace evolve, the ability to evidence and communicate trustworthiness is increasingly critical to sustaining market leadership. In this session, a CISO and Chief Trust Officer and an experienced global technology CFO discuss how data protection leaders can align their roles through strategic partnerships with CFOs and General Counsels. Together as the Trust Triad, they elevate trust from a compliance-focused program to a strategic advantage that supports and protects stakeholder, customer, and investor value. Whether your organization operates in sectors with inherited trust (e.g., finance, healthcare, or government), or where trust must be intentionally manufactured (e.g., technology, retail, or aerospace), this session provides practical strategies to align trust investments with strategic value outcomes.

    The discussion will also touch on quantifying value impact of trust, managing diverse value stakeholder, implementing trust culture, and positioning demonstrable trust as a catalyst for the acceleration of the value journey. Tailored for enterprise data protection leaders, this talk offers insights to enhance your influence within the organization and align your practice to the accountable business.

    1:15 pm
    AI-Driven Cybersecurity Education: The Education Game Changer
    • session level icon
    speaker photo
    Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington
    speaker photo
    Curriculum Developer and Integrator, NCAE Co-Op, Norwich University
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:00 pm

    Get ready to dive into the future of cybersecurity education! Join us for an electrifying session that showcases how AI is revolutionizing the way we train the next generation of cybersecurity professionals. Alejandro Ayala and Lalitha Subramanian unveil the cutting-edge ‘CyberEd in a Box’ program – a dynamic blend of AI-driven personalization and ethical training that’s closing the gap between academia and industry.

    Discover how tools like ChatGPT are used to create tailored learning experiences that not only boost technical skills but also instill the moral integrity needed to tackle real-world cyber threats. With proven results in student performance and engagement, this innovative program is set to redefine the standards of cybersecurity education.

    Don’t miss out on this opportunity to see how AI is bridging the gap and shaping the future of the cybersecurity workforce. Be part of the conversation that’s turning heads and setting the stage for a new era in education.

    1:15 pm
    [Panel] Securing the Cloud Fortress: Revealing Defense Strategies for the Cloud
    • session level icon
    speaker photo
    Principal Research Scientist, Chainguard
    speaker photo
    Regional VP, Security Solution Sales, NORAM, Dynatrace
    speaker photo
    Technologist, Product Strategy Team, Veeam
    speaker photo
    CTO, Tufin
    speaker photo
    CTO, Washington State Department of Labor and Industries
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    In the ever-expanding digital universe, the cloud has emerged as a powerful tool, enabling organizations to store data, access applications, and operate their businesses with unprecedented agility. However, this vast digital fortress, like any other, is not without its vulnerabilities. Join us as we delve into the realm of cloud security, exploring the hidden defenses employed by cybersecurity superheroes to safeguard the cloud and its inhabitants.

    Our panel of cloud security experts shed light on the unique challenges and strategies involved in protecting cloud-based environments. They discuss the shared responsibility model, the role of cloud providers and customers, and the evolving tools and techniques employed to secure the cloud.

    Our panel provides a comprehensive overview of cloud security, empowering attendees to understand the hidden defenses of the cloud and strengthen their cloud security posture. Learn how to identify and mitigate cloud-based threats, implement robust access controls, and effectively manage cloud security risks.

    1:15 pm
    Preventing Leaks with Forensic Watermarking
    • session level icon
    speaker photo
    CEO & Co-Founder, EchoMark
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    Session description coming soon.

    2:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    CISO Liability After SolarWinds and Uber
    • session level icon
    speaker photo
    Senior Attorney, Clark Hill LLP
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:55 pm

    A new era of government criminal prosecution of C-suite executives began in 2022. That year, Uber’s former Chief Security Officer was convicted of criminal obstruction of justice for failing to disclose a breach to the FTC during an ongoing investigation. In 2023, the SEC brought criminal charges against SolarWinds’ CISO for fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices. In July 2024, a federal judge tossed most, but not all, of the SEC’s charges against SolarWinds and its CISO. This session discusses the prosecutions of the Uber and SolarWinds CISOs and examines the contours of CISO personal liability following those landmark (and likely more to come) prosecutions.

    2:10 pm
    How to Build Trustworthy and Secure AI Systems: Key Frameworks & Vulnerabilities You Need to Know
    • session level icon
    speaker photo
    Principal | ISO Practice Director | AI Assessment Leader, Schellman
    speaker photo
    Director, Penetration Testing Team, Schellman
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:55 pm

    The advancements of artificial intelligence (AI) have taken both popular culture and almost every industry by storm, due to the technology’s far-reaching abilities to augment human skills and bring safety and efficiency to several areas of our everyday lives. But these systems also bring with them a wealth of challenges, from ethics to security. We must be just as concerned about an organizations’ use of AI in critical workflows as we should be about LLMs disclosing sensitive data. How we evaluate these systems security, resilience, and robustness will be driven by well-established bedrock principles in both audit and assessments.

    2:10 pm
    Managing AI Platform Risk: How Security and Engineering Partner to Deliver Trusted Models
    • session level icon
    speaker photo
    Director of Software Engineering, Salesforce
    speaker photo
    Lead Software Engineer, Salesforce
    speaker photo
    Lead Product Security Engineer, Salesforce
    speaker photo
    Director of Strategy & Operations, AI Platform, Salesforce
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:55 pm

    This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.

    2:10 pm
    ISC2 Seattle Chapter Meeting and Panel Discussion
    • session level icon
    Securing Success: The Impact of Networking, Education, and Certifications in Cybersecurity
    speaker photo
    Secretary & Webmaster, ISC2 Seattle Chapter
    speaker photo
    Vice President, ISC2 Seattle Chapter
    speaker photo
    Treasurer, ISC2 Seattle Chapter
    speaker photo
    Director at Large, ISC2 Seattle Chapter
    speaker photo
    President, ISC2 Seattle Chapter
    Registration Level:
    • session level iconOpen Sessions
    2:10 pm - 2:55 pm

    This panel discusses the challenges of breaking into cybersecurity and highlights new Certified in Cybersecurity opportunities from the ISC2 Global and how Seattle ISC2 Chapter supports this initiative. Our panelists further discuss the importance of networking, continuing professional development, seeking educational opportunities and being smart about the right certifications in the area of your expertise.

    Join us to learn more about how networking, continuous education, getting certifications and joining professional organization(s) can strengthen your position to secure your next professional role and advance your career.

    3:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:00 pm
    Happy Hour
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.

     

    3:30 pm
    CLOSING KEYNOTE
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:30 pm - 4:15 pm
    Location / Room: Keynote Theater
    3:45 pm
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework is valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    3:45 pm
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 2
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2.  How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

  • Thursday, November 7, 2024
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework is valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    7:30 am
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 3
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2.  How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Are You in a Dysfunctional Relationship with the HR Department?
    • session level icon
    speaker photo
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am

    When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.

    For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?

    This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.

    8:00 am
    Advisory Council Roundtable Breakfast (VIP / Invite only)
    • session level icon
    The Washington State Strategic Threat Intel Center: A Public-Private Partnership
    speaker photo
    Information Security & Compliance Engineer, Costco Wholesale
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:45 am

    Developing meaningful professional relationships and strategically managing your career are vital for success and advancement in the fast-moving cybersecurity ecosystem. Connections are critical in our lives – we cannot do it alone. This closed-door, interactive session provides perspectives and frameworks for expanding your network both internally and across the industry. Come ready to share and hear proven approaches for becoming a trusted advisor to business leaders while raising the profile of your security team.

    We’ll discuss techniques to foster connections through conferences, media, and writing while aligning activities to your long-term career roadmap. Participants will leave ready to proactively network with purpose, find and become mentors and sponsors, and chart a fulfilling career trajectory in cybersecurity.

    8:00 am
    InfraGard Washington State Chapter Meeting [Open to all attendees]
    • session level icon
    Tabletop Exercises and Why I Should Do Them
    speaker photo
    President, Washington State InfraGard Chapter
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am

    This topic is designed for business and technology professionals as well as governance, compliance and security professionals. We discuss the need for, and why it is important to execute, at least on tabletop exercise (TTX) a year. Learn how to run successful TTXs for business and technology teams in two different approaches. We review who should attend these exercises and why. We review real-world scenarios and give the audience a template of how to execute their own exercises in the future. This is an open conversation allowing for questions and answers throughout the presentation.

    8:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] How CISOs Can Elevate Influence and Become a Business Driver
    • session level icon
    speaker photo
    Sr. Director, BISO, Salesforce
    speaker photo
    CISO, Pacific Blue Cross & PBC Solutions
    speaker photo
    CISO, AAA Washington
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    For today’s CISOs, it’s no longer enough to be just technical experts. This panel of top-level cybersecurity professionals representing the regions of Vancouver, B.C., Bozeman, and Seattle, breaks away from talking about the tired mantra of “speaking the language of the business” and instead dives into practical, real-world examples of how security leaders have successfully navigated the business landscape.

    The discussion focuses on actionable strategies and tactics that have helped CISOs gain influence, secure funding, and elevate cybersecurity from a technical function to a critical business driver. Walk away with specific metrics, communication techniques, and actionable insights that have been proven to work in the real world—offering practical takeaways that can be implemented immediately. Get ready for a session that goes beyond the theory and delivers tangible answers to the challenges CISOs face today.

    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    [Panel] ASPIRE Your Approach: Repay Engineering by Investing in Application Security
    • session level icon
    speaker photo
    CISO, Valon
    speaker photo
    Head of Security Assurance and Operations, DAT Freight & Analytics
    speaker photo
    CISO, DAT Freight & Analytics
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am

    Challenges with engineering moving faster with their CI/CD pipelines, releases, and environment updates still need security involved to adopt and scale. Security investments often increasingly create friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.

    10:15 am
    [Panel] Navigating the AI Frontier: Developing Robust Strategies and Governance Policies
    • session level icon
    speaker photo
    Director of Educational Technology, West Point Grey Academy, Vancouver BC
    speaker photo
    Director, Information Security, KP LLC
    speaker photo
    Former Deputy Chief Privacy Officer (CPO), Boeing
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am

    As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.

    Our distinguished panelists will delve into:

    • The current state of AI adoption across various industries and its impact on cybersecurity
    • Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
    • Designing governance frameworks that ensure responsible AI use while fostering innovation
    • Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
    • Regulatory landscape and compliance requirements for AI implementation
    • Best practices for data management and protection in AI-driven environments
    • Ethical considerations in AI development and deployment
    • Strategies for building AI literacy within organizations
    • Future trends and preparing for the evolving AI landscape

    Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.

    10:15 am
    Bouncing Back from Cyber Calamity: Crafting Watertight Business Continuity Plans
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:00 am
    Business continuity and disaster recovery planning are crucial to help organizations prepare for and recover from cyberattacks or data breaches. This session provides an overview of key strategies and best practices for developing a robust cyber resilience plan. Topics will include conducting a business impact analysis to prioritize critical systems and data, implementing comprehensive backup solutions, formulating incident response procedures, assessing supply chain vulnerabilities, retaining talent, and testing existing plans. Whether preparing for widespread ransomware attacks or isolated system failures, organizations must architect cyber resilience to minimize disruption and bounce back better than before.
    11:00 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    Managing the Massive Changes to Privacy Law in the U.S.
    • session level icon
    speaker photo
    Partner - Data Protection, Privacy & Security Group, K&L Gates
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am

    Session description coming soon.

    11:10 am
    [Panel] Building Trusted Partnerships to Enable Secure Products
    • session level icon
    speaker photo
    Sr. Director, BISO, Salesforce
    speaker photo
    BISO & Sr. Director of Security, Salesforce
    speaker photo
    BISO & Sr. Director of Security, Salesforce
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am

    In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.

    Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:

    • Establishing trust in the supply chain
    • Collaborative approaches to secure software development
    • The role of transparency in building and maintaining trust
    • Balancing intellectual property concerns with security needs
    • Leveraging partnerships for more effective incident response
    • Case studies of successful security-focused partnerships
    11:10 am
    [Panel] Elevating Security and Incident Response Through Threat Intelligence, Cloud Resilience, and AI Innovations
    • session level icon
    speaker photo
    Sr. Security Operations Analyst, Blumira
    speaker photo
    Field CTO, Varonis
    speaker photo
    President, ISC2 Seattle Chapter
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am

    The battle between cybersecurity defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face; and how to deal with them once. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.

    Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.

    And SHOULD a breach or ransomware attack occur, the response to an incident is as important as trying to keep the bad actors out in the first place.

    12:00 pm
    [Lunch Keynote] End Game First: A Leadership Strategy for Navigating a Crisis
    • session level icon
    speaker photo
    Mike Lefever, Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense; Representative to Pakistan, U.S. Embassy, Islamabad
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    The summer CrowdStrike-Microsoft outage was the first time many businesses were forced to navigate a crisis of epic proportions. Whether your business faced exceptional obstacles during this time or has endured adversity before, the reality is undeniable: crisis is inevitable.

    Like financial management and project planning, crisis navigation is a skill vital for survival, sustainability, and—most importantly—success. No one knows this better than Mike LeFever. He is a retired Vice Admiral with leadership experience in high-risk security environments and translates his unique experiences in military and corporate life into a framework for navigating crises and anticipating next steps before conflict becomes un-survivable.

    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite only)
    • session level icon
    Building Your Cybersecurity Community: Connections and Career Growth
    speaker photo
    Information Security Officer, AstrumU
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 12:45 pm

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    Session description to come.

    12:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Cybersecurity Challenges for Small and Medium Businesses
    • session level icon
    speaker photo
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:00 pm

    Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.

    We cover the following topics:

    • The state of SMB cybersecurity in the U.S.
    • The cost and impact of cyber breaches on SMBs
    • The main cyber threats and vulnerabilities that SMBs face
    • The best practices and frameworks for SMB cybersecurity
    • The steps to build or improve your cybersecurity program

    Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.

    1:15 pm
    Building Out Information Security Programs: You're Hired as the CISO, Now What?
    • session level icon
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:00 pm

    New CISOs and experienced CISOs new to organizations face the challenge of building out new, or building upon existing, cybersecurity programs. This peer exchange among CISOs will dive into their approach to building foundational cybersecurity strategies.

    1:15 pm
    How TIAA Is Addressing the Cybersecurity Skill Shortage Internally
    • session level icon
    speaker photo
    Sr. Lead Information Security Business Manager, TIAA
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.

    1:15 pm
    [Panel] The Secret Potential of AI and ML: Empowering Cyber Superheroes with Artificial Intelligence
    • session level icon
    speaker photo
    Growth Technologies Evangelist, Check Point Software Technologies
    speaker photo
    Field CTO & Sr. Technical Evangelist, Radiant Logic
    speaker photo
    Sr. Sales Engineer, Netwrix
    speaker photo
    Business Information Security Officer (BISO), T-Mobile USA
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    Artificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.

    Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.

    Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.

    2:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    [Panel] Cybersecurity Careers Secured: Women Excelling in the Field
    • session level icon
    speaker photo
    CISO, Valon
    speaker photo
    SVP, Global Risk Advisor & Insurance, Marsh
    speaker photo
    Associate Attorney - Data Protection, Privacy & Security Group, K&L Gates LLP
    speaker photo
    Cybersecurity Operations, Puget Sound Energy
    speaker photo
    Director, Advisory, KPMG; BISO, WiCyS
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:55 pm

    Join us for an insightful panel discussion that delves into the diverse career positions within the cybersecurity industry, ranging from CISO to cyber law. This session features engaging stories from women who have excelled in their cybersecurity journey, sharing their unique experiences, insights, and career recommendations. Whether you are a seasoned professional or early career, this panel offers thought-provoking perspectives for everyone.

    2:10 pm
    Navigating the Future: Cognitive Computing in the New Age of AI
    • session level icon
    speaker photo
    Chief Technology Officer, Alma Mater Society of UBC, Vancouver
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:55 pm

    Cognitive computing represents a revolutionary shift in artificial intelligence, aiming to create a universal algorithm that mirrors the human brain’s capabilities. This advancement enhances our ability to solve diverse problems and paves the way for unprecedented innovations. Imagine a future where humans and machines work in perfect harmony, combining their strengths to achieve remarkable feats. With cognitive computing, this future is not just a possibility; it’s an inevitability, ushering in a new era of intelligence and collaboration.

    2:10 pm
    A Journey Toward Zero Trust
    • session level icon
    speaker photo
    Solutions Architect, Washington Technology Solutions (WaTech)
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:55 pm

    The State of Washington has developed and is implementing a roadmap that incorporates a Secure Access Service Edge framework, Secure Service Edge (SSE) capabilities, and zero trust practices to solve a multifaceted problem set driving the need to evolve towards zero-trust. This session will provide a comprehensive overview of how Washington State is converging network and security capabilities using SD-WAN, NGFWs, and SSE to secure its hybrid, multi-cloud, digital ecosystem. Come meet the technologists that have coined the term Cloud Government Network, referring to how the state intends to secure its virtual data centers across the three major Cloud Service Providers.

    2:10 pm
    Partnering with Industry to Protect Our Way of Life
    • session level icon
    speaker photo
    Director, Region 10, DHS CISA
    Registration Level:
    • session level iconOpen Sessions
    2:10 pm - 2:55 pm

    The cyber threats facing the United States are growing increasingly sophisticated. To combat these threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is partnering with industry on a range of priorities and products to bolster our cyber defenses.  By working together, we can defend U.S. cyberspace and protect our way of life.

    3:00 pm
    Networking Break and Dash for Prizes
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:30 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework is valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    3:45 pm
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 4
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2.  How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

Exhibitors
  • Akamai Technologies
    Booth: 200

    Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.

  • Axonius
    Booth: 310

    Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.

  • Blumira
    Booth: 440

    Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility.

    Blumira’s cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Azure, Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisco FTD and many others.

  • Cato Networks
    Booth: 450

    Cato Networks pioneered the convergence of networking and security into the cloud. Aligned with Gartner’s Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks, Cato’s vision is to deliver a next generation secure network architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe. Our cloud-native architecture enables Cato to rapidly deploy new capabilities and maintain optimum security posture, without any effort from the IT teams. With Cato, your IT organization and your business are ready for whatever comes next. For more information, visit https://www.catonetworks.com.

  • Chainguard
    Booth: 140

    Chainguard Images provide the building blocks for a secure software supply chain. Leverage container images that have cryptographic signatures, SBOMs, SLSA provenance, and more to help meet compliance and prevent supply chain attacks.

  • Check Point Software Technologies
    Booth: 230

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Comcast Business
    Booth: 470

    Comcast Business offers a broad suite of technology solutions to keep businesses of all sizes ready for what’s next. With a range of offerings including connectivity, secure networking, advanced cybersecurity, and unified communications solutions, Comcast Business is partnering with business and technology leaders across industries and integrating Masergy, a leader in software defined networking, to help drive businesses forward. We also welcome our new followers from Masergy, who as of 6/30, are now part of the extended Comcast Business community.

  • Concentric AI
    Booth: 240

    Concentric AI delivers data risk assessment, monitoring, and protection for corporate data.

  • Cribl
    Booth: 200

    Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables techprofessionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future.

    Founded in 2018, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.

  • CyberArk Software
    Booth: 350

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • Cybereason
    Booth: 380

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cyera
    Booth: 195

    Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in Data Security Posture Management, Cyera instantly provides companies visibility over their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. We are redefining the way companies secure their data. Learn more at cyera.io.

  • DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 10
    Booth: TBD

    Through CISA’s efforts to understand and advise on cyber and physical risks to the Nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, physical and communications security, and, in turn, strengthen national resilience.

    Led by Regional Director Patrick J. Massey, based in Seattle, Washington, CISA’s Region 10 staff provides cybersecurity, physical infrastructure security, chemical security, and sector outreach services to 271 Tribal Nations and the following states: Alaska, Idaho, Oregon, and Washington.

    Region 10 personnel carry out CISA’s five priorities:

    • Improve supply chain security against cyber threats from malicious actors and the rollout of 5G technologies;
    • Harden federal networks (the civilian .gov domain);
    • Reduce risk at soft targets;
    • Enhance election security; and
    • Protect critical infrastructure that includes industrial control systems and the processes that provide vital services in critical infrastructure.
  • Dynatrace
    Booth: 445

    Dynatrace (NYSE: DT) exists to make the world’s software work perfectly. Our unified software intelligence platform combines broad and deep observability and continuous runtime application security with the most advanced AIOps to provide answers and intelligent automation from data at enormous scale. This enables innovators to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences. That is why the world’s largest organizations trust the Dynatrace® platform to accelerate digital transformation.

  • EchoMark
    Booth: 170

    Enterprise Software as a Service (SaaS) startup providing innovative information security and privacy products to enable the seamless flow of private information.

  • Endace
    Booth: 275

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Entrust
    Booth: 360

    Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.

  • F5
    Booth: 200

    F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends

  • Fastly
    Booth: 200

    Expectations for websites and apps are at an all-time high. If they aren’t fast, secure, and highly personalized, users take their business elsewhere. But today’s most innovative companies are thriving by meeting this challenge head on: they’re choosing Fastly and an investment in their developers.

    With Fastly’s powerful edge cloud platform, developers get the tools they need to build the most groundbreaking apps — all optimized for speed, security, and scale — so businesses can effectively transform to compete in today’s markets. Together, we’re building the future of the web.

  • ForeScout Technologies, Inc.
    Booth: 200

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • Fortinet
    Booth: 420

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Google Cloud
    Booth: 130

    Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.

  • Illumio
    Booth: 160

    We built the Illumio Adaptive Security Platform (ASP)™ to provide unprecedented visualization and control of enterprise applications. Our system constantly inspects and adapts to the computing environment it is protecting, without pause.
    Moreover, since 75 percent of computing interactions never leave the data center, our customers can now have complete visibility behind the firewall, whether it is running in their data center or the vibrant public cloud services of Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, and many others.

  • Immersive Labs
    Booth: 120

    The leader in people-centric cyber resilience.

  • Washington State InfraGard
    Booth: TBD

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State and over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISC2 Seattle Chapter
    Booth: TBD

    Bringing like-minded professionals together in the Greater Puget Sound region to discuss current tactics, techniques, and procedures within cybersecurity.

  • ISSA Puget Sound Chapter
    Booth: TBD

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Keysight
    Booth: 225

    Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems;  patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.

  • Menlo Security
    Booth: 280

    The Menlo Security approach delivers 100% safety via isolation — stopping the never-ending search for risky content, while delivering a seamless end-user experience. Deployed in a public or private cloud, the Menlo Security Isolation Platform reduces security complexity and increases scale by eliminating end-point software and out-dated appliances.

  • National Cybersecurity Alliance
    Booth: TBD

    Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.

  • Netwrix
    Booth: 100

    Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact.
    More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.

  • Optiv
    Booth: 200

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • MySQL
    Booth: 235

    MySQL Enterprise Edition includes the most comprehensive set of advanced features, management tools and technical support to achieve the highest levels of MySQL scalability, security, reliability, and uptime. It reduces the risk, cost, and complexity in developing, deploying, and managing business-critical MySQL applications.

  • Observo.ai
    Booth: 460

    Stop overspending on observability. Observo.ai is an AI-based Observability pipeline that helps you save more than 50% on log management costs and reduce issue resolution time by over 40% without any rip and replace.

  • Ordr
    Booth: 330

    In the hyper-connected enterprise, in which everything from simple IoT devices to complex multi-million-dollar systems are connected, traditional agent-based and human-generated security models simply cannot scale. Ordr solves this problem, providing enterprises with complete visibility and exhaustive control over every class of network-connected device and system. The Ordr Systems Control Engine is the only purpose-built solution to fully map the device flow genome at massive scale, using machine learning to completely and continuously inspect, classify and baseline the behavior of every device. Ordr’s software architecture is unique in its ability to process enormous quantities of data in real-time, using sophisticated AI to deliver closed loop security, automatically generating policies for each class of device and implementing those policies directly through the organization’s existing multi-vendor network and security infrastructure.

  • Radiant Logic, Inc
    Booth: 315

    Radiant Logic is the only solution delivering enterprise-wide identity hygiene at scale, reducing risk and accelerating time to value.

    Our central intelligence hub unifies 100% of an organization’s identity data, delivers 360º observability into your fully harmonized data, and leverages AI powered by deep learning and real-time processing, turning analytics into actionable business intelligence with unmatched precision.

    We make identity work so your business doesn’t just keep up—it outperforms in every way.

  • Robert Half
    Booth: 270

    Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.

  • Rubrik
    Booth: 370

    Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

  • SailPoint
    Booth: 375

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Silverfort
    Booth: 410

    Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.

  • Snyk
    Booth: 210

    Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.

  • Sophos
    Booth: 335

    Sophos delivers superior cybersecurity outcomes by providing cybersecurity as a service to protect companies of all sizes from the most advanced cyberthreats. Our cybersecurity products and services include managed detection and response (MDR), firewall, email, endpoint (XDR), and cloud native security protection. Sophos products and services defend against ransomware, phishing, malware, and more. They connect through the cloud-based Sophos Central management console and are powered by Sophos X-Ops, our cross-domain threat intelligence unit. We provide fully managed security solutions so you can manage your cybersecurity directly with our security operations platform. Or, you can supplement your in-house team with Sophos’ products and services.

  • Splunk
    Booth: 220

    Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.

  • Strike Graph
    Booth: 245

    We provide businesses with a compliance operation and certification platform that empowers them to build trust and unlock revenue at a fraction of the cost and time of traditional solutions.

  • Synopsys
    Booth: 325

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • Tenable
    Booth: 200

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Tevora
    Booth: 320

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Tufin
    Booth: 260

    As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

  • Varonis
    Booth: 180

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Veeam Software
    Booth: 365

    Veeam provides a single platform for modernizing backup, accelerating hybrid cloud and securing data. Veeam has 400,000+ customers worldwide, including 82% of the Fortune 500 and 69% of the Global 2,000. Veeam’s 100% channel ecosystem includes global partners, as well as HPE, NetApp, Cisco and Lenovo as exclusive resellers, and boasts more than 35K transacting partners worldwide.

    With offices in more than 30 countries and over 200 industry awards, Veeam is unquestionably the leader in data protection across all environments. In fact, Veeam has been positioned by Gartner, Inc. in the Leaders quadrant of the 2022 Magic Quadrant for Enterprise Backup and Recovery Solutions. Not only does this mark the sixth consecutive time Gartner has recognized Veeam as a Magic Quadrant Leader, but it is the third consecutive year Veeam is positioned highest overall in ability to execute.

  • Wiz
    Booth: 430

    We’re on a mission to help organizations effectively reduce risks in their Cloud environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights  that don’t waste time.

    Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and DevOps teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches. For more information, visit www.wiz.io.

  • WiCyS Western Washington Affiliate
    Booth: TBD
  • ZeroFox
    Booth: 190

    Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.

    Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.

  • Zero Networks
    Booth: 150

    Zero Networks fixes the root cause of most successful cyberattacks—overly open networks and excessive logon permissions—with a simple, fully automated platform for zero trust segmentation and remote access. Zero Networks learns and automatically restricts network and user access to what’s strictly essential, leveraging multi-factor authentication to stop attacks from spreading.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    William Lidster, Moderator
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization.  William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

  • speaker photo
    John Brennan
    Managing Partner, Holly Ventures

    John Brennan is the Managing Partner of Holly Ventures, a seed stage venture capital fund that exclusively invests in and supports cybersecurity entrepreneurs at their earliest stages. John has invested in over twenty security startups, with a focus on supporting founders from day one. Having previously served as a Senior Partner at YL Ventures, John's past portfolio work includes Axonius, Orca Security, Medigate, Hunters, Cycode, Vulcan Cyber, Spera, and many others. John holds an MBA from the University of Chicago and a Bachelor of Science from Trinity College in Connecticut.

  • speaker photo
    Zabrina McIntyre, Host
    WiCyS BISO Affiliate

    Zabrina McIntyre is a Director with KPMG focusing on large scale cybersecurity transformations for clients with a focus on compliance. She holds the CISSP and PMP certifications and is working on her PCI QSA. She is a dedicated supporter of Women in Cybersecurity (WiCyS) and is currently on the leadership board for the Business Information Security Officer (BISO) Affiliate.

  • speaker photo
    Andy Stewart, Host
    Outreach Director, Puget Sound ISSA Chapter
  • speaker photo
    Mike Hughes
    CISO, REI

    As the Chief Information Security Officer at REI, I lead a team of cybersecurity professionals who are passionate about protecting the company's data, systems, and customers. I have over 10 years of experience in cybersecurity, spanning various domains such as incident response, forensics, malware analysis, network security, and data protection.

    My mission is to bring honesty, transparency, and integrity to the cybersecurity function, and to partner with other technology and business teams to ensure a balanced and pragmatic approach to our common goals. I leverage my expertise in cybersecurity strategy, policy, governance, and risk management to enable REI's growth and innovation. I also foster a culture of security awareness, education, and empowerment across the organization.

  • speaker photo
    Ambrish Srivastava
    Global Head of Cybersecurity, Expedia Group

    Highly experienced & technically proficient leader with extensive experience in security engineering, product development, operations and compliance. Laser focused on Security architecture, design & implementation, risk reduction, compliance & business orientation. Strong cross-functional skills due to extensive experience in Information Security, Production Support, Software Security and Compliance, Infrastructure and Project Management. Experienced in Cloud Security, System Administration, Networking, Project Management, Process Re- engineering. Result oriented, with a demonstrated ability to effectively respond to changing demands

  • speaker photo
    Adam Zoller
    SVP & Global CISO, Providence

    Adam Zoller is the Chief Information Security Officer for Providence, a system of passionate providers focused on partnering with people to simplify health care. With 50+ hospitals, 1000+ clinics, and hundreds of locally driven programs administered by over 120,000+ caregivers, Providence is improving the health of communities, especially the poor and vulnerable. In this role, Adam is responsible for driving information security strategy and execution across the organization's information ecosystem

  • speaker photo
    Lisa Plaggemier, Moderator
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • speaker photo
    Matt Hoffmann
    CIO, KORE Software

    Matt Hoffmann is a technology executive with 20+ years in the industry working across development, privacy. security, IT, infrastructure and devops. Throughout his career he has primarily worked with private-equity backed SaaS companies and has been the point person on multiple mergers and acquisitions on both the buy and sell side. In his current role as CIO of KORE Software, he manages engineering, devops, IT and security for a market leading product suite that serves professional sports and entertainment organizations. Working with some of the largest sports and entertainment teams and venues in the world has given him the opportunity to be hands-on with real-world data privacy challenges, large scale infrastructure projects and high-consequence security deployments.

  • speaker photo
    Jake Bernstein, Esq.
    Partner - Data Protection, Privacy & Security Group, K&L Gates

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Vanessa Pegueros
    Board Member, Cybersecurity Leader, Angel Investor

    Vanessa is an accomplished technology executive with over 30 years of experience. Currently she serves as a Corporate Board Director of the public company Liveperson (NASDAQ: LPSN), Boeing Employee Credit Union, and Prisidio. Formerly she was on the board of Carbon Black (NASDAQ: CBLK) and was part of the transaction to sell Carbon Black to VMware. Vanessa is also very active in angel investing and is a venture partner for Flying Fish Partners.

    Vanessa has held senior leadership positions at organizations such as DocuSign, Expedia, U.S. Bank, and AT&T Wireless. Her expertise spans various domains, including technology architecture and engineering, risk management, cybersecurity, and compliance. Vanessa has a proven track record of successfully building and leading high-performance cybersecurity teams, implementing robust security frameworks and controls, and driving cultural change to foster a strong security mindset within organizations.

    Vanessa's educational background includes a MBA from Stanford University, MS in Telecommunication from the University of Colorado, Boulder and a BS in Engineering from UC Berkeley. She also holds various cybersecurity certifications including CISSP, CRISC, CISM, and GSEC. Relative to her board work, she holds the National Association of Corporate Directors (NACD) Director Professionalism certification.

  • speaker photo
    Erika Voss
    CISO, DAT Freight & Analytics

    Erika Voss offers two decades of extraordinary success in a series of high level roles at top tier companies that include Capital One,
    Salesforce, Oracle Public Cloud, Microsoft Corporation and Amazon Web Services.

    Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that
    drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command
    of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.

    Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and
    execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies,
    procedures, and best practices for security, including application security, access control, authentication, third party risk management,
    and intrusion detection. Dr.. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.

    With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has
    successfully positioned companies, as a leading expert in its field with respect foundational security basics, fraud, identity, and cloud
    security practices contributing to the following successes:

    ● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually
    identifying opportunities to reinforce the company’s security posture.
    ● Engages directly with customers, providing information and guidance on the company’s security posture.
    ● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements,
    including SOC2, PCI, SOX, and other industry regulations.

    Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations
    in high stake environments throughout her career positioning herself as a key member of each company and a driving force for growth.
    Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration
    and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.

  • speaker photo
    Jake Rasko, Moderator
    Head of Security Engineering & Architecture, DAT Freight & Analytics

    Jake Rasko is a passionate technology leader with an unwavering belief in the transformative power of technology to change the world. With a diverse career spanning both IT and Security, he has honed his expertise in building, running, and maintaining critical infrastructure securely at a global scale.

    Over the course of Jake’s professional journey, he has been a part of notable organizations such as Cruise, Salesforce, and most recently, HashiCorp. Now, as the Head of Security Engineering and Architecture at DAT Freight & Analytics, he is dedicated to building a more secure future for the nation’s supply chain.

    With a career that began at the help desk and has since soared to leadership positions in global technology companies, Jake exemplifies the power of continuous growth and learning in the technology industry. His journey is a testament to his adaptability, vision, and unwavering commitment to leveraging technology for positive change.

  • speaker photo
    Elizabeth Schaedler
    Security Advisor, Splunk

    Elizabeth Schaedler is a Splunk Security Advisor and works with customers to develop strategies aligning security and business risks, and how to use risk-based-alerting to address fraud. Elizabeth has an expansive 20-year data center and security background and has spent time in the HPC world in senior positions at Cray Research, HP, RSA, Sun Microsystems, and IBM. She lives in Portland, Oregon, and she and her husband are currently spending their free time clearing out Legos and Barbies left behind by two adult children.

  • speaker photo
    Nicholas DiCola
    VP, Customers, Zero Networks

    Nicholas DiCola is a Security Jedi and the VP of Customers where he leads a global team. Before joining Zero Networks, Nicholas led the Cloud Security Customer Experience Engineering team helping customers unblock deployments and improving products. He also spent 22 years with the United States Marine Corps and retired as a Defensive Cyberspace Weapons Officer after 22 years of total service. He received a Bachelor of Science in Computer Networking and Master of Business Administration from Strayer University. He is a co-author of several books and holds many certifications such as CISSP and CEH. You can follow him on Twitter @MasterSecJedi, GitHub (https://github.com/dicolanl), and LinkedIn (https://www.linkedin.com/in/ndicola/).

  • speaker photo
    Brian Shea
    BISO & Sr. Director of Security, Salesforce

    Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, IT Operations and Supportand. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.

  • speaker photo
    Adedolapo (Ade) Gonzalez
    Sr. Director, Security GRC & Data Security, Docusign

    Ade Gonzalez is a Senior Director of Security GRC and Data Security in Docusign. With over 15 years of experience, her expertise spans across building/managing high-performing teams and delivering board-critical programs around Security Governance, Strategy, Risk, Compliance, Data Protection and Cloud Security across various industries (financial services, technology, insurance and so on).

    She also has experience working in different regions across the globe with established presence in South Africa, Ireland, UK and US. She holds a Masters (Cum Laude) in Computer Engineering, majoring in Artificial Intelligence. During her spare time, she enjoys travelling, food, exercising/fitness-related activities and spending quality time with her family, especially with her 3-year-old daughter and miniature-schnauzer.

  • speaker photo
    Michelle Linders Wagner
    VP, Head of Internal Audit, Docusign

    Michelle Linders Wagner, a seasoned risk management executive, brings 25+ years of experience in enhancing compliance and risk posture for Fortune 500 firms. With cyber, compliance, and audit expertise, she builds high performing teams, swiftly identifying fit for purpose solutions that align with business strategy. While she is currently loving her job as the Head of Internal Audit at Docusign, Michelle has loved her prior positions, as well. At Deloitte, she transformed the global risk function; as an executive at Costco, she ran the second line of defense where she matured the global governance, risk, and compliance function; and at SAP, she drove high-priority risk and governance initiatives. Committed to excellence, Michelle excels in leading teams to solve intricate risk challenges.

  • speaker photo
    Tony Steffe
    Principle Sales Engineer, CISSP, Illumio

    Tony is a knowledgeable technical professional with 25+ years of experience developing, integrating, and leading technology projects for enterprise customers. He is effective in sales engineering, Internet security, project management, and computer networking. A skilled life-long student of managing the personal and technical challenges that arise from building something new.

  • speaker photo
    Tim Gallo
    Head of Global Solutions Architects, Google Threat Intelligence

    Tim Gallo is the Head of Global Solutions Architects at Google, he specializes in Cyber Threat Intelligence and Risk everything from Intelligence Operations and Cyber Threat Profile development to risk based analytic approaches to Security Operations. He Joined Google Cloud through the acquisition of Mandiant by Google in 2022, he had spent 5 years at Mandiant prior to the acquisition in a variety of field facing roles covering the aforementioned topics. Before joining Mandiant, Tim leveraged his over 20 years’ experience in information security and intelligence operations to aid in the development and deployment of a number of solutions. Including building client and organizational expertise in Intelligence Led Security and Business Operations. This included the development and product management of some of the first cyber intelligence solutions ever brought to market. These solutions have included threat and vulnerability management tools, IOC prediction algorithms, intelligence services, and strategic intelligence consulting. Today he spends his days helping clients understand the importance of Intelligence as a guiding principle for building out effective security processes and operations and helping clients and vendors find ways to leverage technologies responsibly to build their cyber defense centers and security operations practices. Every once in a while he can be found out in the desert, sometimes on his Harley with a flamethrower, sometimes with just a flamethrower

  • speaker photo
    Dennis Mastin
    Solutions Architect, CyberArk

    Dennis Mastin, CISSP, is a security professional focused on securing the identities of humans and automated workloads. He has been in industry for over 30 years as a software engineer, field sales specialist, and consultant. The past two decades, Dennis focused on Identity and Access Management while at Netscape, Sun Microsystems, and Oracle. Currently, Dennis helps CyberArk customers realize the benefits of securing identities across a wide range of industries.

  • speaker photo
    Dan Migliore
    Solutions Manager, West Region, Fortinet

    Dan Migliore brings over 25 years of experience in the cybersecurity space, with an extensive security related background contributing to industry leaders such as VeriSign, Varonis, Accellion, and Verint. Currently, he serves as a Regional Manager at Fortinet, where he has dedicated the last six years to advancing enhanced security technologies.

    Founded over 20 years ago in Sunnyvale, California, Fortinet is a leader in the evolution of cybersecurity and the convergence of networking and security. With a mission to secure people, devices, and data everywhere, Fortinet boasts the largest integrated portfolio of over 50 enterprise-grade products. Trusted by more than 755,000 customers, Fortinet’s solutions are among the most deployed, patented, and validated in the industry, reflecting Dan’s commitment to delivering proven cybersecurity everywhere it’s needed.

  • speaker photo
    Paul Underwood
    COO, Emagined Security

    Paul Underwood is currently the Chief Operating officer at Emagined Security. Paul has over 30 years of experience working in the Information Security space including 8 years with the US Air Force. Paul was a principal at Digital Signature Trust back in the 90’s working on Public Key Cryptography utilizing Hardware Security Modules to create Root certificates for the Browsers for trusted Root Certificates including the first Entrust Root Certificate to be published in a browser. His experiences have led him to be a knowledgeable and experienced Trusted Security advisor for many fortune 500 customers over the years.

  • speaker photo
    Krista Arndt
    Associate CISO, St. Luke's University Health Network

    Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.

    Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.

    When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.

  • speaker photo
    Chris Niggel, Moderator
    Regional CISO, Okta

    Chris is the Regional CISO, Americas at Okta, where he is responsible for corporate security compliance, third-party risk, and responding to customer security inquiries. Prior to Okta, Chris spent 6 years leading the adoption of Cloud Technologies at LinkedIn, helping them grow from 350 to over 6,800 employees. He started his career designing, developing, and delivering content management, system administration, and messaging solutions for customers such as Nestle, Cisco, AMD, Telus, and the US Department of Defense. During the winters, Chris has almost 15 years experience as a Ski Patroller, search & rescue, and teaching ski mountaineering & outdoor survival.

  • speaker photo
    John Gardiner
    COO & CFO

    Winning in the software industry doesn’t come from faking it or even making it. Instead, it takes being great at it, because being exceptional results in a sustainable competitive advantage. Having been a part of great companies that have been honored with awards from Inc. 5000 Fastest Growing Companies, Deloitte Fast 500, Top 50 Best Places to Work in America, and Inc. Best Workplaces, as well as being named the #7 on Glassdoor’s Best Places to Work in America, John Gardiner knows what it takes to be great. His strategic leadership includes serving in numerous high growth software companies as the President, Chief Operating Officer, Chief Strategy Officer, and CFO, including the most successful investment in TA Associates’ 56-year history, earning a stunning 6013% ROI. A strong proponent of the Trust Product Practice, he knows the value it brings to an organizations’ business practices, culture, competitive differentiation, brand, and growth.

  • speaker photo
    Sabino Marquez
    CISO & Chief Trust Officer

    Sabino Marquez' approach to leading cybersecurity as a ‘Trust Product Practice’ has led to substantial returns on security investments, higher value-generation velocity, and enhanced equity valuations. Sabino leads the Trust Product organization as a go-to-market leader, working alongside the productive business to enable and defend value, and transforming stakeholder Trust into a powerful tool for competitive differentiation. Within his key areas of focus, Sabino ensures robust protection mechanisms are in place for stakeholder interests while also leveraging organizational Trust as a distinct advantage in a competitive market landscape. His work has not only brought him recognition as ‘2023 C100 Winner’, but he is also an esteemed thought leader who frequently shares insights in Security Magazine, The Wall Street Journal, and Cyber Security Tribe.

  • speaker photo
    Lalitha Subramanian
    Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington

    Lalitha Subramanian, Program Management Director at University of Washington Continuum College, has over a couple of decades of experience designing, developing, and delivering large-scale learning and development strategies and certification programs that empower working professionals build the right strengths, skills, and behaviors for organizational success and career progression. She has proven success coaching industry experts, university instructors, and private company leaders to evolve educational offerings, in the adoption of new technologies with accessibility standards, and has designed exemplary learner-driven digital education offerings to meet the needs of a dynamic global marketplace. Her expertise in educational pedagogical practices incorporating DEIBJ best practices for both in-class and virtual/online environments have been recognized at unit, university and at a national level.

  • speaker photo
    Alejandro Ayala
    Curriculum Developer and Integrator, NCAE Co-Op, Norwich University

    Alejandro Ayala is a rising professional in the field of cybersecurity, pursuing a PhD in 2025 through an NSF Fellowship. Alejandro currently serves as a technical lead, ensuring program integration across multiple universities and industry. Alejandro contributes to the University of Washington’s Certificate in Risk Management in multiple roles. He is the co-founder and President of CyberAlumni, a community of practice focused on continuous professional cybersecurity education across the NCAE Schools. Alejandro has published in the Colloquium for Information Systems Security Education (CISSE), Springer Journal, Future Technologies Conference, and the Human Computer Interaction International Conference innovations in cybersecurity education.

  • speaker photo
    Trevor Dunlap
    Principal Research Scientist, Chainguard

    Trevor Dunlap is a Principal Research Scientist at Chainguard. Trevor obtained a Ph.D. in Computer Science focusing on automatically enhancing vulnerability data to help provide richer information. He has been involved in research ranging from access control, robocalls, and the use of large language models in security domains. Beyond his technical expertise, he is a passionate advocate for securing open source software.

  • speaker photo
    Shaun Stalker
    Regional VP, Security Solution Sales, NORAM, Dynatrace

    Shaun M Stalker, a seasoned professional in the technology sector for over 28 years, has dedicated the last 19 years to the field of cyber-security. He has collaborated with CISOs and security teams, aiding them in enhancing their security posture and mitigating evolving threats. His expertise spans across application security, threat hunting, Zero Day Threats, DLP, Insider Threats, and Zero Trust. Presently, he holds the position of one of the two RVPs for Dynatrace’s Security Solutions team in North America. Outside of his professional life, Shaun is a proud father of five children and a doting grandfather to a four-year-old granddaughter.

  • speaker photo
    Kirsten Stoner
    Technologist, Product Strategy Team, Veeam

    Kirsten Stoner is a Technologist on the Product Strategy team at Veeam Software. With 10 years of software experience, Kirsten has a specialized focus in all things data management including storage, cloud, cybersecurity, and analytics. Through her years working at Veeam, she leads the creation of technical content for product demonstrations, webinars and digital written collateral, engaging audiences globally. Kirsten holds the Veeam Certified Engineer (VMCE) credential with a drive to continuously learn more about customer pain points and the technologies they use to overcome them.

  • speaker photo
    Erez Tadmor
    CTO, Tufin

    Erez Tadmor holds a two-decade career in the ever-evolving information security field, marked by his diverse background in managing various product portfolios and verticals. His expertise spans cloud and network security, automation & orchestration, IAM, fraud detection and prevention. As Tufin's Field CTO, he bridges the gap between customers, marketing, and product teams, educating stakeholders on network security technologies, cybersecurity best practices and Tufin's solutions. Erez holds a track record of strong leadership in both enterprise and startups cybersecurity product management and strategy development.

  • speaker photo
    Mukesh Dixit, Moderator
    CTO, Washington State Department of Labor and Industries

    Chief Technology Officer at Washington State Department of Labor and Industries. Expert level grasp on IT Security governance and management of security in application, infrastructure and cloud domains. Spearheaded teams to do FedRAMP assessments of major cloud service provider giants in the industry. Certifications include CISSP, CCSP, CISA, PCIP, PMP, and AWS-SAA. Formerly PCI-QSA certified with a PCI assessor.

  • speaker photo
    Troy Batterberry
    CEO & Co-Founder, EchoMark
  • speaker photo
    Chirag Patel
    Senior Attorney, Clark Hill LLP

    Chirag H. Patel is a solution-oriented technology and commercial attorney with extensive experience in emerging technologies, artificial intelligence (AI), data privacy, cybersecurity, contracts, e-commerce, and trade secrets. His multi-channel experience encompasses compliance, transactional review, and litigation.

    Chirag’s practice spans diverse industries, including software, e-commerce, cryptocurrency, healthcare, financial services (traditional and FinTech), cannabis, commercial construction, and hospitality sectors.

    His litigation practice includes multimillion-dollar contract disputes, high-stakes consumer class actions, and novel technology issues. Recent cases include national data breach class actions, privacy and wiretapping claims (CIPA), AI discrimination claims, software service (SaaS) and implementation contract disputes, business email compromise, cryptocurrency injunctions, and right of publicity of cases.

    Chirag’s compliance practice focuses on AI, data privacy, and e-commerce. This includes development and advising on AU Acceptable Use Policies (AUPs), AI Audits, data privacy laws, and ecommerce laws. Among other regulatory regimes, Chirag has advised clients on compliance with the HIPPA Privacy Rule, the California Restore Online Shoppers Confidence Act (ROSCA), California Consumer Privacy Act (CCPA), California Automatic Renewal Law (CARL), and Federal Trade Commission (FTC) regulations.

    Chirag has experience with commercial contract review and transactions. He conducts master contract reviews in various industry settings covering issues such as intellectual property rights, data ownership, and terms of service. He also has full-cycle M&A experience, including conducting privacy and cybersecurity due diligence.

  • speaker photo
    Danny Manimbo
    Principal | ISO Practice Director | AI Assessment Leader, Schellman

    Danny Manimbo is a Principal with Schellman based in Denver, Colorado. As a member of Schellman’s West Coast / Mountain region management team, Danny is primarily responsible for leading Schellman's AI and ISO practices as well as the development and oversight of Schellman's attestation services. Danny has been with Schellman for 10 years and has over 13 years of experience in providing information security and data privacy audit and compliance services. Danny has achieved the following certifications relevant to the fields of accounting, auditing, and information systems security and privacy: • Certified Public Accountant (CPA) • Certified Information Systems Security Professional (CISSP) • Certified Information Systems Auditor (CISA) • Certified Internal Auditor (CIA) • Certificate of Cloud Security Knowledge (CCSK) • Certified Information Privacy Professional – United States (CIPP/US)

  • speaker photo
    Kent Blackwell
    Director, Penetration Testing Team, Schellman

    Kent Blackwell is a Director at Schellman, helping lead their penetration testing and offensive security practice. Kent has over fifteen years of experience serving clients in a multitude of industries, including the Department of Defense and top cloud service providers. He got his start in penetration testing evaluating systems as a civilian with the Air Force before later joining Schellman to help build the security practice. A security and privacy enthusiast, Kent is passionate about ensuring people can have confidence in the platforms to which they entrust their data.

  • speaker photo
    Karim Fanadka
    Director of Software Engineering, Salesforce

    As the Director of AI Infrastructure at Salesforce, Karim leads a key team responsible for designing and implementing cloud-based infrastructure and platform tools for the Salesforce AI Platform. Karim and his team focus on architecture, scaling, performance optimization, and infrastructure development to enhance system performance and scalability. They also create methodologies, tools, and frameworks that play a significant role in the 'go-to-production' process for an auto-scaled cloud system.

  • speaker photo
    Milosz Goralczyk
    Lead Software Engineer, Salesforce

    Milosz Goralczyk is a Lead Software Engineer, Scrum Master, Security Champion, and VTO rockstar for the AI Platform team at Salesforce. He owns services in model training areas for Generative AI and Predictive AI, expanding Salesforce Einstein AI impact in cutting-edge AI products. With a deep passion for ML, experimentation, and security, he plays a pivotal role in driving innovation and ensuring robust security standards within his team. Prior to his role at Salesforce, he contributed to Microsoft's Bing and Azure Active Directory, as well as several CRM-focused companies. An entrepreneur at heart, Milosz has founded and successfully managed two companies. He earned his master’s degree with honors from the Military University of Technology, where he published research papers from his work on object-oriented databases.

  • speaker photo
    Kaustubh Sarkar
    Lead Product Security Engineer, Salesforce
  • speaker photo
    Eric Warfel, Moderator
    Director of Strategy & Operations, AI Platform, Salesforce

    Eric is the Director of Strategy & Operations for Salesforce's AI Cloud, where he works on the company’s Trust commitments and leads strategic cross-functional initiatives. He is privileged to work with an exceptional team dedicated to delivering the most trusted AI CRM software on the market.

    Before joining Salesforce, Eric built and led teams in the payments and Fintech industries, focusing on product innovation, business operations, and program management. His career includes roles at Visa, Citi Ventures, PayPal, Gap, and more.

    A Silicon Valley native, Eric has lived and worked across Europe, earning his MBA from the Grenoble Graduate School of Business in France. He now resides in Silicon Valley with his family.

  • speaker photo
    Stephen Bellville
    Secretary & Webmaster, ISC2 Seattle Chapter
  • speaker photo
    Jake Bernstein, Esq.
    Vice President, ISC2 Seattle Chapter

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Agnieszka (Agnes) Goss
    Treasurer, ISC2 Seattle Chapter
  • speaker photo
    Jean Pawluk
    Director at Large, ISC2 Seattle Chapter

    Jean is an Executive Consultant, ISSA Distinguished Fellow, and honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).

  • speaker photo
    Frank Simorjay, Moderator
    President, ISC2 Seattle Chapter

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com/)

  • speaker photo
    Happy Hour
  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Lisa Plaggemier
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • speaker photo
    Jenifer Clark
    Information Security & Compliance Engineer, Costco Wholesale

    Experienced Information Security Professional with a demonstrated history of working in the retail industry. Skilled in Operations Management, Sales, Management, Point of Sale (POS) / Fuel Systems, and Inventory Control. Strive to find ways information security can enable and support business and operations teams with solutions. Actively support public/private partnerships with local and federal agencies with emphases on infrastructure, cyber security and community outreach.

  • speaker photo
    Jerry Petru, CISSP, CISM, FBCS, CITP
    President, Washington State InfraGard Chapter

    Mr. Petru is the President of the Washington State InfraGard Chapter and a Fellow of the British Computer Society, The Chartered Institute for IT. He is an innovative, and technically sophisticated professional, offering substantial years of broad-based experience in evaluating large corporate systems. Powered with a comprehensive background in development and implementation, he has authored more than forty-seven different courses based on AIX, Encryption, Linux, Networking, Security, and Virtualization technologies, teaching to an audience of tens of thousands around the world for the past twenty-five years. Mr. Petru has spent more than two years in Ukraine over the past 20 years and has seen much change. Equipped with a proven track record of success in designing and implementing system and policy based on Confidentiality, Integrity, and Availability, to meet business continuity and disaster recovery for long-range strategic plans of Fortune 100 Companies. Mr. Petru is armed with stellar qualifications in all facets of project lifecycle development, from initial analysis and conceptual design to implementation, quality review, and enhancement to optimize operational efficiencies that improve business and IT operations.

  • speaker photo
    Maggie Amato
    Sr. Director, BISO, Salesforce

    Maggie Amato is a dynamic cybersecurity leader with deep expertise in cloud security, AI security, and risk management across technology, healthcare, and federal sectors. As the Business Information Security Officer (BISO) for AI Cloud + CRM Apps at Salesforce, she plays an integral role in advising two Chief Technology Officers on holistic risk management strategies that align with the evolving demands of cutting-edge technologies. Throughout her career, Maggie has been at the forefront of innovation, leading the development of AI-specific security programs, advancing cloud security initiatives at Aetna, and forging impactful public-private partnerships in healthcare. Her leadership and strategic vision have consistently driven transformative security solutions that strengthen organizational resilience.

  • speaker photo
    Rob Davidson
    CISO, Pacific Blue Cross & PBC Solutions

    Rob Davidson brings many years of experience to his role as Chief Information Security Officer at Pacific Blue Cross and Pacific Blue Cross Solutions. His career started with Dell Canada and has progressed though several senior strategic and leadership positions at industry-defining organizations such as Microsoft and Hootsuite. Prior to his recent return to Vancouver, Rob worked through an extended tenure at Microsoft, from the original basics of networking through the launch of the Global Azure Cloud services.

    Rob holds an Executive MBA and maintains his original CISSP certification. He enjoys the opportunity to share with and learn from others who are like-minded in his passion for the Security of People, Information, and Technology.

    In addition to his core work, you will also find him engaged in Board of Directors (and Board advisory) positions, volunteer opportunities, and working to mentor and assist the next generation of security professionals.

  • speaker photo
    William Lidster, Moderator
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization.  William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

  • speaker photo
    Nazira Carlage
    CISO, LTK

    A proven senior security leader that drives business-centric innovation through strategy, empowering independence, and inspiring the next generation of enterprise growth from small to large enterprise. Experienced security strategist from Cloud to Enterprise Architecture, change/transitional management, application security, product development, vulnerability assessment, security operations, security engineering, process improvement, and enterprise transformation. A visionary who serves as a catalyst for sustainable change by empowering organizations and people in achieving breakthrough results as they travel to secure digital transformations. A leader that nurtures and empowers teams through communication in fostering cross-functional collaboration and achieving the organization’s goals. A driver of continuous improvement who eliminates single points of failure, transforming complex obstacles into tangible solutions.

  • speaker photo
    Cynthia Damian
    CISO, Valon

    Cynthia Damian is the Chief Information Security Officer at Valon Technologies, an up and coming fintech company innovating the financial and homeowner industry through technology. Cynthia has over 20 years of experience in cybersecurity and risk management holding security leadership and practitioner roles across small to large scale, global organizations including top Fortune companies. She is a mission-driven, people-centric security leader focused on making an impact through building, maturing and innovating cybersecurity and risk organizations with a track record of effectively managing risk and driving high-value outcomes for the business – protecting companies, employees and customers.

    Cynthia has worked across diverse industries including companies such as Twitter/X, Salesforce, T-Mobile, and Starbucks. She also serves as a Board member, advisor, and mentor for various professional organizations in the security and tech community and is passionate about enabling diversity, equity and inclusion in the field one step at a time.

  • speaker photo
    Becky Fricker
    Head of Security Assurance and Operations, DAT Freight & Analytics

    Becky Fricker is the Director of Information Security at DAT Freight & Analytics, where she plays a pivotal role in protecting the company’s digital infrastructure. She oversees Security Operations and Product Security, including areas such as Endpoint Protection and Response, Continuous Threat Exposure Management, Incident Response, and Network Security. Becky holds a Certified Information Systems Security Professional (CISSP) certification, a globally recognized credential that demonstrates her ability to design, implement, and manage a robust cybersecurity program.

    Her extensive background in cybersecurity began with 13 years of service in the NJ Air National Guard, where she held critical roles such as Installation Spectrum Manager and Installation Security Systems Manager. After transitioning to the civilian sector, Becky continued to build her expertise as a Network Security Engineer at Cooper University Health Care. She later took on senior roles in the financial sector and at one of Southern California’s largest utility companies, focusing on information security within critical infrastructure.

    Her academic credentials include an Associate of Science in Electronic Systems Technology, a Bachelor of Arts in Communication and Media Studies, and a Master of Science in Information Technology, specializing in Cybersecurity. Known for her adaptability, mentorship, and strong communication skills, Becky is an invaluable member of the DAT team, continuously driving improvements in the company’s information security programs.

  • speaker photo
    Erika Voss, Moderator
    CISO, DAT Freight & Analytics

    Erika Voss offers two decades of extraordinary success in a series of high level roles at top tier companies that include Capital One,
    Salesforce, Oracle Public Cloud, Microsoft Corporation and Amazon Web Services.

    Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that
    drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command
    of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.

    Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and
    execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies,
    procedures, and best practices for security, including application security, access control, authentication, third party risk management,
    and intrusion detection. Dr.. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.

    With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has
    successfully positioned companies, as a leading expert in its field with respect foundational security basics, fraud, identity, and cloud
    security practices contributing to the following successes:

    ● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually
    identifying opportunities to reinforce the company’s security posture.
    ● Engages directly with customers, providing information and guidance on the company’s security posture.
    ● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements,
    including SOC2, PCI, SOX, and other industry regulations.

    Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations
    in high stake environments throughout her career positioning herself as a key member of each company and a driving force for growth.
    Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration
    and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.

  • speaker photo
    Panel Discussion
  • speaker photo
    Dr. Peter Holowka
    Director of Educational Technology, West Point Grey Academy, Vancouver BC

    Dr. Peter Holowka is passionate about digital transformation and technology leadership, particularly in education. His doctoral research was in cloud computing adoption and organizational leadership. His professional work and academic research centre on the digital transformation journey, particularly the journey from legacy systems towards the cloud. He has received multiple awards for leadership and academic excellence. He was recognized as Member of the Year by the CIO Association of Canada, and currently serves as the Past President of the Vancouver Chapter. Beginning his career as a network and web design specialist, Dr. Holowka also advises a number of businesses, educational institutions, and not-for-profit organizations.

  • speaker photo
    Aaron Hunt
    Director, Information Security, KP LLC

    An Information Security leader with experience establishing resilient security strategies and procedures enhancing the corporate security posture, through evaluation of risk, promoting security awareness and privacy training, management of incident response, managing relationships with customers and business partners, and ensuring continued compliance through internal, customer and certification security audits.

    A proven leader, skilled in managing network and application operations, knowledgeable in many collaboration and web environments and successfully managed services and large scale projects. Experienced in several security frameworks, including ISO 27001, PCI DSS, HITRUST, NIST 800-53, HIPAA, GDPR and SOC.

  • speaker photo
    Marie Olson
    Former Deputy Chief Privacy Officer (CPO), Boeing
  • speaker photo
    Jake Bernstein, Esq.
    Partner - Data Protection, Privacy & Security Group, K&L Gates

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Maggie Amato
    Sr. Director, BISO, Salesforce

    Maggie Amato is a dynamic cybersecurity leader with deep expertise in cloud security, AI security, and risk management across technology, healthcare, and federal sectors. As the Business Information Security Officer (BISO) for AI Cloud + CRM Apps at Salesforce, she plays an integral role in advising two Chief Technology Officers on holistic risk management strategies that align with the evolving demands of cutting-edge technologies. Throughout her career, Maggie has been at the forefront of innovation, leading the development of AI-specific security programs, advancing cloud security initiatives at Aetna, and forging impactful public-private partnerships in healthcare. Her leadership and strategic vision have consistently driven transformative security solutions that strengthen organizational resilience.

  • speaker photo
    Gowri Quick
    BISO & Sr. Director of Security, Salesforce

    Gowri is a mission-driven, people-centric senior cybersecurity leader with 15 years of experience in Threat Intelligence, Security Operations, Risk Management, and Compliance. As a former FBI agent, Gowri proudly served her country and has also worked in Corporate Security. She holds a Master's Degree in Information Science from the University at Buffalo. Currently, Gowri serves as a Business Information Security Officer (BISO) at Salesforce, advising the President of the Customer Success Group on information security matters. In this role, she represents the Chief Trust Officer when partnering with executive leadership to promote cybersecurity across the Enterprise units.

  • speaker photo
    Brian Shea, Moderator
    BISO & Sr. Director of Security, Salesforce

    Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, IT Operations and Supportand. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.

  • speaker photo
    Ian Riley
    Sr. Security Operations Analyst, Blumira

    Ian Riley is a seasoned cybersecurity professional with over a decade of experience in the IT world, including more than six years specifically focused on cyber security. His career highlights include roles as a Senior Security Operations Analyst at Blumira and Cloud Ops at Amazon Web Services (AWS). Ian's expertise lies in security incident response and system hardening, approaching cybersecurity from a defensive standpoint. With a strong background in both cloud operations and security analysis, Ian brings a wealth of knowledge and practical experience to the field of information security.

  • speaker photo
    Brian Vecci
    Field CTO, Varonis

    As Field CTO at Varonis, Brian supports a wide range of security and technology initiatives by helping Varonis’ customers and partner get the most out of the company’s products. In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 in technical marketing, led education and development, and now serves as the company’s Field CTO. He holds a CISSP certification and frequently speaks on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to Dark Reading and has made multiple appearances on CNBC. Brian holds a Bachelor’s Degree from The New School in New York City and graduated from The Lakeside School in Seattle, Washington.

  • speaker photo
    Observo.ai Representative
  • speaker photo
    Frank Simorjay, Moderator
    President, ISC2 Seattle Chapter

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com/)

  • speaker photo
    Mike LeFever
    Mike Lefever, Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense; Representative to Pakistan, U.S. Embassy, Islamabad

    Vice Admiral (Ret.) Mike LeFever, USN, currently serves as Chief Executive Officer for Concentric. Concentric is a risk management consultancy that specializes in delivering strategic security and intelligence services. In
    addition, he is a member of the network of national security experts for “The Cipher Brief,” a digital based conversation platform to connect the private sector with leading security experts.

    Previously, Mike was the Chief Operating Officer for IOMAXIS, a US technology company specializing in cyber, communications, and computing solutions, and services. He also worked as a senior advisor, mentor, and
    speaker at the McChrystal Group, a leadership and management firm, engaging with senior executives across multinational companies on leadership, strategy, and change management.

    Reflecting his deep experience with and commitment to developing high performance leaders and teams, Mike also served as a Performance Ambassador and Speaker for Liminal Collective and Arena Labs and as a
    senior advisor and mentor for leaders in private industry; the USG’s National Defense University senior level national strategy, leadership, and warfighting courses; and USG Joint Forces. He is also a member of the
    board of advisors at the National Security Institute at George Mason University, Antonin Scalia Law School and a participant on the Atlantic Council Counterterrorism Study Group.

    Mike retired from the United States Navy after over 38 years of service, finishing his military career as the Director of Strategic Operational Planning at the National Counterterrorism Center, within the Office of the
    Director of National Intelligence. He also served as both the Commander of the Office of Defense Representative in Pakistan and the Commander of the Joint Task Force in Pakistan, leading all US Armed Forces in Pakistan between 2008-2011.

    Throughout his career, Mike served in Navy and Joint leadership and command positions at every level. He led disaster relief and humanitarian efforts, the full spectrum of warfare operations, and counterterrorism and
    counterinsurgency operations. Renowned for his effectiveness in navigating cross-cultural, complex, and international environments and building high performance teams, his leadership was directly responsible for
    numerous significant achievements that protected and enhanced the national security of the United States. The hallmark of LeFever’s leadership was his commitment to build and promote lasting partnerships between
    the US and its key allies and coalition partners.

  • speaker photo
    Craig Spiezle, Moderator
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the Founder and President of AgeLight Advisory & Research Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Marc Menninger, Moderator
    Information Security Officer, AstrumU

    Marc Menninger is a seasoned corporate information security and risk management
    professional with more than twenty years of experience. He has held the Certified
    Information Security Systems Professional (CISSP) certification since 2000 and the Certified
    in Risk and Information System Controls (CRISC) certification since 2016.
    Marc’s career started with his service as a Computer and Communications Officer in the
    U.S. Air Force from 1992 to 1997. During his tenure, he led a team of 19 UNIX
    administrators, managing mobile Top Secret fiber optic networks. He was stationed at
    Langley Air Force Base in Virginia and Barksdale Air Force Base in Shreveport, LA, and served
    a short tour in the Persian Gulf during Operation Desert Shield.

    Transitioning to civilian roles, Marc has navigated through several technical and leadership
    positions, building his expertise across the United States—from Dallas to San Francisco and,
    ultimately, Seattle. His roles have included Vice President of Corporate Information Security
    at Washington Mutual Bank, Security Manager at PEMCO Corporation, Senior Security
    Manager at Lighthouse eDiscovery, and Director of Cybersecurity at A Place for Mom.
    Presently, he serves as the Information Security Officer at AstrumU.

    Marc's specialty areas encompass Enterprise Risk Assessment, Information Security
    Program Management, Governance, Risk and Compliance, and more. He lives near Seattle,
    WA, with his family.

  • speaker photo
    Scott Benson
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.

    Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.

  • speaker photo
    Kathryn Patterson
    Sr. Lead Information Security Business Manager, TIAA

    Kathryn Patterson supports the Global Cybersecurity & Fraud Management organization at TIAA. In prior roles, she managed 3rd Pty Assessment, Regulatory Exam Mgmt and Audit support, and RCSA. Her career spans three industries: healthcare, telecommunications, and financial services, with additional background in program management, business resiliency and internal investigations. She prioritizes collaboration with business partners on best practices, communications, training, and development. Kathryn holds a BA in Organizational Leadership from the University of Oklahoma with a concentration in Criminal Investigations and Intelligence Analysis.

  • speaker photo
    Grant Asplund
    Growth Technologies Evangelist, Check Point Software Technologies

    For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.

  • speaker photo
    Wade Ellery
    Field CTO & Sr. Technical Evangelist, Radiant Logic

    Wade Ellery, Field Chief Technology Officer and Senior Technical Evangelist with Radiant Logic. Wade has extensive experience in enterprise IT direct and channel software, and services, sales and management. He has in-depth knowledge and experience in enterprise IAM, IGA, PAM, ZTA, risk and compliance and IT security challenges. Wade has consulted on some of the largest identity management solutions deployed across Federal and Commercial clients.

  • speaker photo
    Nicholas Matta
    Sr. Sales Engineer, Netwrix
  • speaker photo
    Kevin Murphy, Moderator
    Business Information Security Officer (BISO), T-Mobile USA

    Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, a retired NSA intelligence officer, the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by myself). He holds the CISM, CISSP, CGEIT security certifications.

  • speaker photo
    Cynthia Damian
    CISO, Valon

    Cynthia Damian is the Chief Information Security Officer at Valon Technologies, an up and coming fintech company innovating the financial and homeowner industry through technology. Cynthia has over 20 years of experience in cybersecurity and risk management holding security leadership and practitioner roles across small to large scale, global organizations including top Fortune companies. She is a mission-driven, people-centric security leader focused on making an impact through building, maturing and innovating cybersecurity and risk organizations with a track record of effectively managing risk and driving high-value outcomes for the business – protecting companies, employees and customers.

    Cynthia has worked across diverse industries including companies such as Twitter/X, Salesforce, T-Mobile, and Starbucks. She also serves as a Board member, advisor, and mentor for various professional organizations in the security and tech community and is passionate about enabling diversity, equity and inclusion in the field one step at a time.

  • speaker photo
    Jaki Ferenz
    SVP, Global Risk Advisor & Insurance, Marsh

    Jaki Ferenz is a client risk advisor in the risk and insurance industry with over two decades of experience. She helps clients navigate operational and organizational risks to empower strategic business initiatives. Jaki has extensive experience and knowledge regarding privacy and security (cyber), errors & omissions, directors & officers, property & casualty, and workers' compensation risks, as well as insurance coverage needs. She ensures that her clients are well-prepared to navigate the ever-evolving landscape of cyber threats and protect their valuable assets.

  • speaker photo
    Jane E. Petoskey, Esq.
    Associate Attorney - Data Protection, Privacy & Security Group, K&L Gates LLP

    Jane E. Petoskey is an associate at the firm's Seattle office. She is a member of the Technology Transactions practice group, and primarily services clients under the Data Protection, Privacy, and Security focus area. Jane is also a Certified Information Privacy Professional in the United States (CIPP/US) and Certified Information Privacy Manager (CIPM), and is a Fellow of Information Privacy (FIP).

    Prior to joining the firm, Jane served as a technology transactions and data privacy associate attorney at the Seattle office of an AmLaw 100 firm. Through this role, Jane regularly advised clients of all sizes and industries through privacy and data security matters, including counseling on compliance with domestic and international privacy and data security laws and regulations, including the CCPA, COPPA, GLBA, HIPAA and HITECH, and GDPR.

  • speaker photo
    Jennifer Womack
    Cybersecurity Operations, Puget Sound Energy

    Jennifer Womack has worked for Puget Sound Energy since 2008. She has held various roles within Infrastructure Security, Compliance and Security & Risk. She currently is the Manager of Cyber Security Operations.

  • speaker photo
    Zabrina McIntyre, Moderator
    Director, Advisory, KPMG; BISO, WiCyS

    Zabrina McIntyre is a Director with KPMG focusing on large scale cybersecurity transformations for clients with a focus on compliance. She holds the CISSP and PMP certifications and is working on her PCI QSA. She is a dedicated supporter of Women in Cybersecurity (WiCyS) and is currently on the leadership board for the Business Information Security Officer (BISO) Affiliate.

  • speaker photo
    Hong-Lok Li
    Chief Technology Officer, Alma Mater Society of UBC, Vancouver

    Hong-Lok Li is the Chief Technology Officer at the Alma Mater Society of UBC Vancouver (representing 60,000+ UBC students). He has a strong technical background and 20+ years of experience in large organizations in a multi-platform, integrated computing environment. Hong is a Chartered Engineer (CEng) who earned his Master of Science (MSc.) in AI and Networking at the University of Essex in the United Kingdom. He is also a BCS (British Computer Society) assessor for the Chartered Engineer (CEng) Assessment. Hong believes in fostering a culture of innovation and collaboration and is always passionate about deploying technology to ensure resource optimization and operational excellence.

  • speaker photo
    Andrew Johnson
    Solutions Architect, Washington Technology Solutions (WaTech)

    Andrew Johnson is a Solutions Architect based in Olympia, WA. Andrew serves as the Principal Architect overseeing the state’s adoption of zero trust, Secure Access Service Edge, SD-WAN, and Secure Service Edge. Andrew is responsible to interconnect state government with cloud-based resources and external business partners. Andrew spearheads the state's adoption of new technologies enabling state government to leverage cutting-edge technology in serving the residents of Washington State. Additionally, Andrew modernized the state's DNS system, transitioning it to a hybrid DNS solution that handles both on-premise and cloud-based queries. Andrew is a retired Army Signal Warrant Officer.

  • speaker photo
    Patrick Massey
    Director, Region 10, DHS CISA

    Patrick Massey serves as the Regional Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Region 10 office in Seattle. CISA is committed to improving the security and resiliency of our nation’s infrastructure through collaboration with critical infrastructure owner/operators, governments, industry, and other stakeholders.

  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Best practices & solutions, straight from the source

Join your local cybersecurity community for learning and professional growth!