Wednesday, November 6, 2024
7:00 am Registration open
Registration Level: Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
7:30 am [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 1
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
8:00 am Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:30 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 am Advisory Council Roundtable Breakfast (VIP / Invite only)
The Surprising List of CISO Top Concerns
CISO, AAA Washington
Registration Level: VIP / Exclusive
8:00 am - 8:45 am
Taking a cross-section of recent surveys (ISC2, Dark Reading, PwC), arguably the top CISO concerns—not “priorities” but “concerns”—are third-party security risks, data manipulation, and burnout. Together, these represent the true CISO-level risks, compared to what’s in the news on a daily basis: AI, ransomware, supply chain and insider risks, cyber warfare, nation-state actors, etc. In this private, closed-door discussion, we challenge whether these three concerns are a correct and complete list, and discuss how/why they differ from those other top CISO priorities. The goal is to walk away with a new-look “to-do list” for your job versus the one with which you walked in.
This roundtable discussion is for our Advisory Council members only.
8:00 am Engaging with and Driving Innovation in the Cybersecurity Startup Ecosystem
Managing Partner, Holly Ventures
Registration Level: Conference Pass
8:00 am - 8:45 am
Security buyers are often inundated with requests from startups to engage in a variety of ways, making it difficult to separate the signal from the noise. What are these startups really looking for from the security community, and how can security executives and practitioners best leverage their roles to mitigate risk within their organizations, contribute to the broader cybersecurity discussion, and further their careers in an ever-changing industry?
This talk includes a survey of the cybersecurity venture capital world, as well as the variety of ways that security buyers can contribute to and benefit from the complex and innovative worlds of startups and venture capital.
8:00 am WiCyS Western Washington Affiliate Meeting
WiCyS BISO Affiliate
Registration Level: Open Sessions
8:00 am - 8:45 am
8:00 am Puget Sound ISSA Chapter Meeting [open to all attendees]
Cybersecurity Trends and Lessons Learned from Recent Breaches
Outreach Director, Puget Sound ISSA Chapter
Registration Level: Open Sessions
8:00 am - 8:45 am
8:45 am Networking Break
Registration Level: Open Sessions
8:45 am - 9:00 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am [Opening Keynote] The Hidden Costs of Cybersecurity: Unveiling the True Price of Protection
CISO, REI
Global Head of Cybersecurity, Expedia Group
SVP & Global CISO, Providence
Executive Director, National Cybersecurity Alliance
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
With cyber threats evolving at an unprecedented pace, organizations are increasingly aware of the need for robust cybersecurity measures. However, the true cost of cybersecurity extends far beyond the visible expenses of software licenses and security personnel. This keynote panel delves into the often-overlooked aspects of cybersecurity that can significantly impact an organization’s bottom line and operational efficiency. The panel explores:
- The multifaceted nature of cybersecurity costs, beginning with the critical yet often underestimated areas of incident response (IR) readiness and preparedness.
- The importance of comprehensive business continuity planning, highlighting how inadequate planning can lead to substantial financial losses and reputational damage. The panel cites real-world examples, including the recent CrowdStrike outage, to illustrate the cascading effects of service disruptions on both providers and their clients.
- The legal aspects of cybersecurity, exploring how regulatory compliance, potential liabilities, and the cost of legal counsel in the aftermath of a breach contribute to the hidden costs of security. Don’t forget the often-underestimated impact of third-party risk and the importance of robust vendor management practices.
- How to challenge the conventional wisdom of relying heavily on a single security vendor, advocating for a diversified approach that can enhance resilience and reduce dependency risks. The panel also addresses the counterintuitive problem of implementing too many security controls, which can paradoxically slow recovery efforts after an incident and increase operational complexity.
9:45 am Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am 1 + 1 = 3: Strengthening Security & Technology Post Acquisition
CIO, KORE Software
Registration Level: Conference Pass
10:15 am - 11:00 am
Anyone in technology who has been through a merger or an acquisition, on either side, has experienced that weight of the deal closing and the reality setting in of truly combining companies. You start meeting people, learning about systems, discovering skeletons in the closet, putting together a plan and, before you know it, 6 months are gone – and nothing has gotten done. This presentation addresses some of the real-world challenges of post-merger integration, defines a framework and best practices for you to follow, and calls out some of the common pitfalls to avoid. Having been through multiple transactions (at one point 3 in a 12-month period), Hoffman hopes to be able to leave attendees with a foundation to not only have a successful integration but come out of the process with a team and technology landscape that is stronger than before.
10:15 am [Panel] Beyond the Single Point of Failure
Lessons from Recent Vendor Incidents and Strategies for Resilience
Partner - Data Protection, Privacy & Security Group, K&L Gates
Board Member, Cybersecurity Leader, Angel Investor
CISO, DAT Freight & Analytics
Head of Security Engineering & Architecture, DAT Freight & Analytics
Registration Level: Conference Pass
10:15 am - 11:00 am
Recent incidents involving major cybersecurity vendors like CrowdStrike and Microsoft have highlighted the critical issue of single-point failures in our digital defense ecosystems. This panel session delves into the aftermath of these events and explores the broader implications for organizational cybersecurity strategies. Our expert panel discusses:
- The dangers of over-reliance on single vendors: Exploring the risks associated with putting all your security eggs in one basket.
- Developing a multi-vendor strategy: Balancing the benefits of integrated solutions with the need for redundancy and resilience.
- Incident response planning: Preparing for vendor-related outages or failures as part of your overall cybersecurity strategy.
- Future outlook: How the industry might evolve to address these challenges.
Gain valuable insights into creating more resilient security architectures that can withstand vendor-specific incidents.
10:15 am Unmasking Deception: Harnessing Data Analytics for Robust Fraud Detection and Prevention
Security Advisor, Splunk
Registration Level: Open Sessions
10:15 am - 11:00 am
The anti-fraud effort continues to grow in complexity and it requires analytics-based insights. An optimized approach for identification and mitigation is needed. Learn to analyze data at the speed of the business.
10:15 am A New Era of Microsegmentation: Starting Your Zero Trust Journey on the Right Foot
VP, Customers, Zero Networks
Registration Level: Open Sessions
10:15 am - 11:00 am
In a traditional Zero Trust journey, microsegmentation is often seen as the final, critical line of defense against lateral movement and ransomware—yet it’s notorious for being daunting and complex. Legacy approaches have earned this reputation—costly, complex, labor-intensive, and slow to implement. However, modern microsegmentation flips this script, offering a powerful, streamlined solution that can be implemented in just 30 days.
By starting your Zero Trust architecture with automated, agentless and MFA-enhanced microsegmentation, you sidestep the typical pitfalls of legacy methods and lay a strong, secure foundation for your entire security strategy. Discover how to accelerate your Zero Trust journey and avoid roadblocks with microsegmentation done right—right from the start.
11:00 am Networking Break
Registration Level: Open Sessions
11:00 am - 11:10 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am Exploiting People: Phishing, Social Engineering, and Con Artists
BISO & Sr. Director of Security, Salesforce
Registration Level: Conference Pass
11:10 am - 11:55 am
We have all heard about Phishing, Spear Phishing, Social Engineering, and various new threats like deepfake videos, and AI voice / video fakes. We all need to defend against them for sure, but what are they and why do they work? What are the best ways to stop or reduce these threats and their impact on our lives and our businesses? This talk discusses the human aspects of con jobs, and how we can catch them or reduce their impact on our businesses and lives.
11:10 am Hacking the Boardroom: How to Secure Their Attention While Securing Your Org
Sr. Director, Security GRC & Data Security, Docusign
VP, Head of Internal Audit, Docusign
Registration Level: Conference Pass
11:10 am - 11:55 am
Cybersecurity is no longer just an IT issue; it’s a boardroom buzzword. But how do you get the board to care about firewalls and phishing without their eyes glazing over? Enter this session, your crash course in translating cyber-speak into something the C-suite will actually understand (and maybe even enjoy).
This session breaks down how to turn terrifying tactical tech talk into a blueprint for boardroom brilliance. Learn how to frame cyber threats as business risks, sell the ROI of that new security software, and align your pitch with corporate goals – all without triggering a “404: Audience Not Found” error.
Prepare for some laughs, a lot of lightbulb moments, and the confidence to make your next boardroom chat a smash hit. Whether you’re a cybersecurity wizard or just trying to avoid a crash-and-burn presentation, this talk helps you bridge the gap between the server room and the boardroom.
11:10 am Zero Trust Microsegmentation: It’s Easier Than You Think
Principal Sales Engineer, CISSP, Illumio
Registration Level: Open Sessions
11:10 am - 11:55 am
Regardless of the sophistication of the ransomware, the end goal is always the same: get in through a vulnerability and move laterally through your network. Join this presentation as we help peel back the layers to provide you with simple steps to get started that include:
- Gaining visibility to where you are the most vulnerable
- Closing risky ports
- Leveraging tools you already have in place without adding layers of complexity
11:10 am [Panel] Unveiling the Hidden Threat Landscape and Unmasking Digital Villains
Head of Global Solutions Architects, Google Threat Intelligence
Solutions Architect, CyberArk
Solutions Manager, West Region, Fortinet
COO, Emagined Security
Registration Level: Open Sessions
11:10 am - 11:55 am
In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.
Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the ever-expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.
Our panel provides a comprehensive overview of the current threat landscape.
12:00 pm [Lunch Keynote] Drag Racing & Cybersecurity: The Crossover
Associate CISO, St. Luke's University Health Network
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
You’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.
12:00 pm Advisory Council Lunch Roundtable (VIP / Invite Only)
Unlocking the Future of Cybersecurity: Strengthening Identity Protection in a Rapidly Evolving Threat Landscape
Regional CISO, Okta
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
As the level of sophistication in cyberattacks has reached new heights, identity and access management has emerged as a key pillar in safeguarding organizations. This peer-to-peer discussion, moderated by Chris Niggel, Regional CISO at Okta, focuses on how evolving threats are reshaping identity protection and how innovative strategies and technologies are needed in response.
Come ready to share and explore forward-looking approaches to securing identities and mitigating risks, as well as insights on how to fortify enterprise security in a rapidly changing cyber environment.
12:45 pm Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm The CISO-CFO-GC Relationship: Building Trust to Move the Business Forward
COO & CFO
CISO & Chief Trust Officer
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Ask any executive leader and they will underscore how important trust is in the go-to-market motion. Today, CISOs can move beyond traditional risk management to drive strategic value as trust owners and architects. As industries such as technology, healthcare, retail, and aerospace evolve, the ability to evidence and communicate trustworthiness is increasingly critical to sustaining market leadership. In this session, a CISO and Chief Trust Officer and an experienced global technology CFO discuss how data protection leaders can align their roles through strategic partnerships with CFOs and General Counsels. Together as the Trust Triad, they elevate trust from a compliance-focused program to a strategic advantage that supports and protects stakeholder, customer, and investor value. Whether your organization operates in sectors with inherited trust (e.g., finance, healthcare, or government), or where trust must be intentionally manufactured (e.g., technology, retail, or aerospace), this session provides practical strategies to align trust investments with strategic value outcomes.
The discussion will also touch on quantifying the value impact of trust, managing diverse value stakeholders, implementing a trust culture, and positioning demonstrable trust as a catalyst for the acceleration of the value journey. Tailored for enterprise data protection leaders, this talk offers insights to enhance your influence within the organization and align your practice to the accountable business.
1:15 pm AI-Driven Cybersecurity Education: The Education Game Changer
Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington
Curriculum Developer and Integrator, NCAE Co-Op, Norwich University
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Get ready to dive into the future of cybersecurity education! Join us for an electrifying session that showcases how AI is revolutionizing the way we train the next generation of cybersecurity professionals. Alejandro Ayala and Lalitha Subramanian unveil the cutting-edge ‘CyberEd in a Box’ program – a dynamic blend of AI-driven personalization and ethical training that’s closing the gap between academia and industry.
Discover how tools like ChatGPT are used to create tailored learning experiences that not only boost technical skills but also instill the moral integrity needed to tackle real-world cyber threats. With proven results in student performance and engagement, this innovative program is set to redefine the standards of cybersecurity education.
Don’t miss out on this opportunity to see how AI is bridging the gap and shaping the future of the cybersecurity workforce. Be part of the conversation that’s turning heads and setting the stage for a new era in education.
1:15 pm [Panel] Securing the Cloud Fortress: Revealing Defense Strategies for the Cloud
Principal Research Scientist, Chainguard
Regional VP, Security Solution Sales, NORAM, Dynatrace
Technologist, Product Strategy Team, Veeam
CTO, Tufin
CTO, Washington State Department of Labor and Industries
Registration Level: Open Sessions
1:15 pm - 2:00 pm
In the ever-expanding digital universe, the cloud has emerged as a powerful tool, enabling organizations to store data, access applications, and operate their businesses with unprecedented agility. However, this vast digital fortress, like any other, is not without its vulnerabilities. Join us as we delve into the realm of cloud security, exploring the hidden defenses employed by cybersecurity superheroes to safeguard the cloud and its inhabitants.
Our panel of cloud security experts shed light on the unique challenges and strategies involved in protecting cloud-based environments. They discuss the shared responsibility model, the role of cloud providers and customers, and the evolving tools and techniques employed to secure the cloud.
Our panel provides a comprehensive overview of cloud security, empowering attendees to understand the hidden defenses of the cloud and strengthen their cloud security posture. Learn how to identify and mitigate cloud-based threats, implement robust access controls, and effectively manage cloud security risks.
1:15 pm Preventing Leaks with Forensic Watermarking
CEO & Co-Founder, EchoMark
Registration Level: Open Sessions
1:15 pm - 2:00 pm
Session description coming soon.
2:00 pm Networking Break
Registration Level: Open Sessions
2:00 pm - 2:10 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pm CISO Liability After SolarWinds and Uber
Senior Attorney, Clark Hill LLP
Registration Level: Conference Pass
2:10 pm - 2:55 pm
A new era of government criminal prosecution of C-suite executives began in 2022. That year, Uber’s former Chief Security Officer was convicted of criminal obstruction of justice for failing to disclose a breach to the FTC during an ongoing investigation. In 2023, the SEC brought criminal charges against SolarWinds’ CISO for fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices. In July 2024, a federal judge tossed most, but not all, of the SEC’s charges against SolarWinds and its CISO. This session discusses the prosecutions of the Uber and SolarWinds CISOs and examines the contours of CISO personal liability following those landmark (and likely more to come) prosecutions.
2:10 pm How to Build Trustworthy and Secure AI Systems: Key Frameworks & Vulnerabilities You Need to Know
Principal | ISO Practice Director | AI Assessment Leader, Schellman
Director, Penetration Testing Team, Schellman
Registration Level: Conference Pass
2:10 pm - 2:55 pm
The advancements of artificial intelligence (AI) have taken both popular culture and almost every industry by storm, due to the technology’s far-reaching abilities to augment human skills and bring safety and efficiency to several areas of our everyday lives. But these systems also bring with them a wealth of challenges, from ethics to security. We must be just as concerned about an organization’s use of AI in critical workflows as we should be about LLMs disclosing sensitive data. How we evaluate these systems’ security, resilience, and robustness will be driven by well-established bedrock principles in both audit and assessments.
2:10 pm Managing AI Platform Risk: How Security and Engineering Partner to Deliver Trusted Models
Director of Software Engineering, Salesforce
Lead Software Engineer, Salesforce
Lead Product Security Engineer, Salesforce
Director of Strategy & Operations, AI Platform, Salesforce
Registration Level: Conference Pass
2:10 pm - 2:55 pm
This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.
2:10 pm ISC2 Seattle Chapter Meeting and Panel Discussion
Securing Success: The Impact of Networking, Education, and Certifications in Cybersecurity
Secretary & Webmaster, ISC2 Seattle Chapter
Vice President, ISC2 Seattle Chapter
Treasurer, ISC2 Seattle Chapter
Director at Large, ISC2 Seattle Chapter
President, ISC2 Seattle Chapter
Registration Level: Open Sessions
2:10 pm - 2:55 pm
This panel discusses the challenges of breaking into cybersecurity and highlights new Certified in Cybersecurity opportunities from ISC2 Global and how the Seattle ISC2 Chapter supports this initiative. Our panelists further discuss the importance of networking, continuing professional development, seeking educational opportunities, and being smart about the right certifications in the area of your expertise.
Join us to learn more about how networking, continuous education, getting certifications and joining professional organization(s) can strengthen your position to secure your next professional role and advance your career.
3:00 pm Networking Break
Registration Level: Open Sessions
3:00 pm - 3:30 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pm Happy Hour
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Location / Room: Exhibitor Hall
Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.
3:30 pm CLOSING KEYNOTE
Registration Level: Open Sessions
3:30 pm - 4:15 pm
Location / Room: Keynote Theater
3:45 pm [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
3:45 pm [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 2
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
Thursday, November 7, 2024
7:00 am Registration open
Registration Level: Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk / Lobby
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
7:30 am[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 3Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amToday’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAre You in a Dysfunctional Relationship with the HR Department?Executive Director, National Cybersecurity AllianceRegistration Level:- Open Sessions
8:00 am - 8:45 amWhen HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.
For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?
This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)The Washington State Strategic Threat Intel Center: A Public-Private PartnershipInformation Security & Compliance Engineer, Costco WholesaleRegistration Level:- VIP / Exclusive
8:00 am - 8:45 amDeveloping meaningful professional relationships and strategically managing your career are vital for success and advancement in the fast-moving cybersecurity ecosystem. Connections are critical in our lives – we cannot do it alone. This closed-door, interactive session provides perspectives and frameworks for expanding your network both internally and across the industry. Come ready to share and hear proven approaches for becoming a trusted advisor to business leaders while raising the profile of your security team.
We’ll discuss techniques to foster connections through conferences, media, and writing while aligning activities to your long-term career roadmap. Participants will leave ready to proactively network with purpose, find and become mentors and sponsors, and chart a fulfilling career trajectory in cybersecurity.
8:00 amInfraGard Washington State Chapter Meeting [Open to all attendees]Tabletop Exercises and Why I Should Do ThemPresident, Washington State InfraGard ChapterRegistration Level:- Open Sessions
8:00 am - 8:45 amThis topic is designed for business and technology professionals as well as governance, compliance and security professionals. We discuss the need for, and why it is important to execute, at least one tabletop exercise (TTX) a year. Learn how to run successful TTXs for business and technology teams in two different approaches. We review who should attend these exercises and why. We review real-world scenarios and give the audience a template of how to execute their own exercises in the future. This is an open conversation allowing for questions and answers throughout the presentation.
8:45 amNetworking BreakRegistration Level:- Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] How CISOs Can Elevate Influence and Become a Business DriverSr. Director, BISO, SalesforceCISO, Pacific Blue Cross & PBC SolutionsCISO, AAA WashingtonRegistration Level:- Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterFor today’s CISOs, it’s no longer enough to be just technical experts. This panel of top-level cybersecurity professionals representing the regions of Vancouver, B.C., Bozeman, and Seattle, breaks away from talking about the tired mantra of “speaking the language of the business” and instead dives into practical, real-world examples of how security leaders have successfully navigated the business landscape.
The discussion focuses on actionable strategies and tactics that have helped CISOs gain influence, secure funding, and elevate cybersecurity from a technical function to a critical business driver. Walk away with specific metrics, communication techniques, and actionable insights that have been proven to work in the real world—offering practical takeaways that can be implemented immediately. Get ready for a session that goes beyond the theory and delivers tangible answers to the challenges CISOs face today.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am[Panel] ASPIRE Your Approach: Repay Engineering by Investing in Application SecurityCISO, LTKCISO, ValonHead of Security Assurance and Operations, DAT Freight & AnalyticsCISO, DAT Freight & AnalyticsRegistration Level:- Conference Pass
10:15 am - 11:00 amChallenges with engineering moving faster with their CI/CD pipelines, releases, and environment updates still need security involved to adopt and scale. Security investments often increasingly create friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.
10:15 am[Panel] Navigating the AI Frontier: Developing Robust Strategies and Governance PoliciesDirector of Educational Technology, West Point Grey Academy, Vancouver BCDirector, Information Security, KP LLCFormer Deputy Chief Privacy Officer (CPO), BoeingRegistration Level:- Conference Pass
10:15 am - 11:00 amAs AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.
Our distinguished panelists will delve into:
- The current state of AI adoption across various industries and its impact on cybersecurity
- Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
- Designing governance frameworks that ensure responsible AI use while fostering innovation
- Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
- Regulatory landscape and compliance requirements for AI implementation
- Best practices for data management and protection in AI-driven environments
- Ethical considerations in AI development and deployment
- Strategies for building AI literacy within organizations
- Future trends and preparing for the evolving AI landscape
Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.
10:15 amBouncing Back from Cyber Calamity: Crafting Watertight Business Continuity PlansRegistration Level:- Open Sessions
10:15 am - 11:00 amBusiness continuity and disaster recovery planning are crucial to help organizations prepare for and recover from cyberattacks or data breaches. This session provides an overview of key strategies and best practices for developing a robust cyber resilience plan. Topics will include conducting a business impact analysis to prioritize critical systems and data, implementing comprehensive backup solutions, formulating incident response procedures, assessing supply chain vulnerabilities, retaining talent, and testing existing plans. Whether preparing for widespread ransomware attacks or isolated system failures, organizations must architect cyber resilience to minimize disruption and bounce back better than before.
11:00 amNetworking BreakRegistration Level:- Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 amManaging the Massive Changes to Privacy Law in the U.S.Partner - Data Protection, Privacy & Security Group, K&L GatesRegistration Level:- Conference Pass
11:10 am - 11:55 amSession description coming soon.
11:10 am[Panel] Building Trusted Partnerships to Enable Secure ProductsSr. Director, BISO, SalesforceBISO & Sr. Director of Security, SalesforceBISO & Sr. Director of Security, SalesforceRegistration Level:- Conference Pass
11:10 am - 11:55 amIn today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.
Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:
- Establishing trust in the supply chain
- Collaborative approaches to secure software development
- The role of transparency in building and maintaining trust
- Balancing intellectual property concerns with security needs
- Leveraging partnerships for more effective incident response
- Case studies of successful security-focused partnerships
11:10 am[Panel] Elevating Security and Incident Response Through Threat Intelligence, Cloud Resilience, and AI InnovationsSr. Security Operations Analyst, BlumiraField CTO, VaronisPresident, ISC2 Seattle ChapterRegistration Level:- Open Sessions
11:10 am - 11:55 amThe battle between cybersecurity defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face; and how to deal with them once. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.
Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.
And SHOULD a breach or ransomware attack occur, the response to an incident is as important as trying to keep the bad actors out in the first place.
12:00 pm[Lunch Keynote] End Game First: A Leadership Strategy for Navigating a CrisisMike Lefever, Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense; Representative to Pakistan, U.S. Embassy, IslamabadFounder & President, AgeLight Advisory & Research GroupRegistration Level:- Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterThe summer CrowdStrike-Microsoft outage was the first time many businesses were forced to navigate a crisis of epic proportions. Whether your business faced exceptional obstacles during this time or has endured adversity before, the reality is undeniable: crisis is inevitable.
Like financial management and project planning, crisis navigation is a skill vital for survival, sustainability, and—most importantly—success. No one knows this better than Mike LeFever. He is a retired Vice Admiral with leadership experience in high-risk security environments and translates his unique experiences in military and corporate life into a framework for navigating crises and anticipating next steps before conflict becomes un-survivable.
12:00 pmAdvisory Council Roundtable Lunch (VIP / Invite only)Building Your Cybersecurity Community: Connections and Career GrowthInformation Security Officer, AstrumURegistration Level:- VIP / Exclusive
12:00 pm - 12:45 pmModerated discussion for SecureWorld Advisory Council members. By invite only.
Session description to come.
12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmCybersecurity Challenges for Small and Medium BusinessesDirector of Cybersecurity and Infrastructure, Mud Bay, Inc.Registration Level:- Conference Pass
1:15 pm - 2:00 pmSmall and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.
We cover the following topics:
- The state of SMB cybersecurity in the U.S.
- The cost and impact of cyber breaches on SMBs
- The main cyber threats and vulnerabilities that SMBs face
- The best practices and frameworks for SMB cybersecurity
- The steps to build or improve your cybersecurity program
Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.
1:15 pmBuilding Out Information Security Programs: You're Hired as the CISO, Now What?Registration Level:- Conference Pass
1:15 pm - 2:00 pmNew CISOs and experienced CISOs new to organizations face the challenge of building out new, or building upon existing, cybersecurity programs. This peer exchange among CISOs will dive into their approach to building foundational cybersecurity strategies.
1:15 pmHow TIAA Is Addressing the Cybersecurity Skill Shortage InternallySr. Lead Information Security Business Manager, TIAARegistration Level:- Open Sessions
1:15 pm - 2:00 pmThis presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.
1:15 pm[Panel] The Secret Potential of AI and ML: Empowering Cyber Superheroes with Artificial IntelligenceGrowth Technologies Evangelist, Check Point Software TechnologiesField CTO & Sr. Technical Evangelist, Radiant LogicSr. Sales Engineer, NetwrixBusiness Information Security Officer (BISO), T-Mobile USARegistration Level:- Open Sessions
1:15 pm - 2:00 pmArtificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.
Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.
Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pm[Panel] Cybersecurity Careers Secured: Women Excelling in the FieldCISO, ValonSVP, Global Risk Advisor & Insurance, MarshAssociate Attorney - Data Protection, Privacy & Security Group, K&L Gates LLPCybersecurity Operations, Puget Sound EnergyDirector, Advisory, KPMG; BISO, WiCySRegistration Level:- Conference Pass
2:10 pm - 2:55 pmJoin us for an insightful panel discussion that delves into the diverse career positions within the cybersecurity industry, ranging from CISO to cyber law. This session features engaging stories from women who have excelled in their cybersecurity journey, sharing their unique experiences, insights, and career recommendations. Whether you are a seasoned professional or early career, this panel offers thought-provoking perspectives for everyone.
2:10 pmNavigating the Future: Cognitive Computing in the New Age of AIChief Technology Officer, Alma Mater Society of UBC, VancouverRegistration Level:- Conference Pass
2:10 pm - 2:55 pmCognitive computing represents a revolutionary shift in artificial intelligence, aiming to create a universal algorithm that mirrors the human brain’s capabilities. This advancement enhances our ability to solve diverse problems and paves the way for unprecedented innovations. Imagine a future where humans and machines work in perfect harmony, combining their strengths to achieve remarkable feats. With cognitive computing, this future is not just a possibility; it’s an inevitability, ushering in a new era of intelligence and collaboration.
2:10 pmA Journey Toward Zero TrustSolutions Architect, Washington Technology Solutions (WaTech)Registration Level:- Conference Pass
2:10 pm - 2:55 pmThe State of Washington has developed and is implementing a roadmap that incorporates a Secure Access Service Edge framework, Secure Service Edge (SSE) capabilities, and zero trust practices to solve a multifaceted problem set driving the need to evolve towards zero-trust. This session will provide a comprehensive overview of how Washington State is converging network and security capabilities using SD-WAN, NGFWs, and SSE to secure its hybrid, multi-cloud, digital ecosystem. Come meet the technologists that have coined the term Cloud Government Network, referring to how the state intends to secure its virtual data centers across the three major Cloud Service Providers.
2:10 pmPartnering with Industry to Protect Our Way of LifeDirector, Region 10, DHS CISARegistration Level:- Open Sessions
2:10 pm - 2:55 pmThe cyber threats facing the United States are growing increasingly sophisticated. To combat these threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is partnering with industry on a range of priorities and products to bolster our cyber defenses. By working together, we can defend U.S. cyberspace and protect our way of life.
3:00 pmNetworking Break and Dash for PrizesRegistration Level:- Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pm[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
3:45 pm[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 4Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmToday’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
- Akamai TechnologiesBooth: 200
Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.
- AxoniusBooth: 310
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- BlumiraBooth: 440
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility.
Blumira’s cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Azure, Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisco FTD and many others.
- Cato NetworksBooth: 450
Cato Networks pioneered the convergence of networking and security into the cloud. Aligned with Gartner’s Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks, Cato’s vision is to deliver a next generation secure network architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe. Our cloud-native architecture enables Cato to rapidly deploy new capabilities and maintain optimum security posture, without any effort from the IT teams. With Cato, your IT organization and your business are ready for whatever comes next. For more information, visit https://www.catonetworks.com.
- ChainguardBooth: 140
Chainguard Images provide the building blocks for a secure software supply chain. Leverage container images that have cryptographic signatures, SBOMs, SLSA provenance, and more to help meet compliance and prevent supply chain attacks.
- Check Point Software TechnologiesBooth: 230
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Comcast BusinessBooth: 470
Comcast Business offers a broad suite of technology solutions to keep businesses of all sizes ready for what’s next. With a range of offerings including connectivity, secure networking, advanced cybersecurity, and unified communications solutions, Comcast Business is partnering with business and technology leaders across industries and integrating Masergy, a leader in software defined networking, to help drive businesses forward. We also welcome our new followers from Masergy, who as of 6/30, are now part of the extended Comcast Business community.
- Concentric AIBooth: 240
Concentric AI delivers data risk assessment, monitoring, and protection for corporate data.
- Cribl (Booth: 200)
Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future.
Founded in 2018, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.
- CyberArk Software (Booth: 350)
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- Cybereason (Booth: 380)
Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.
- Cyera (Booth: 195)
Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in Data Security Posture Management, Cyera instantly provides companies visibility over their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. We are redefining the way companies secure their data. Learn more at cyera.io.
- DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 10 (Booth: TBD)
Through CISA’s efforts to understand and advise on cyber and physical risks to the Nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, physical and communications security, and, in turn, strengthen national resilience.
Led by Regional Director Patrick J. Massey, based in Seattle, Washington, CISA’s Region 10 staff provides cybersecurity, physical infrastructure security, chemical security, and sector outreach services to 271 Tribal Nations and the following states: Alaska, Idaho, Oregon, and Washington.
Region 10 personnel carry out CISA’s five priorities:
- Improve supply chain security against cyber threats from malicious actors and the rollout of 5G technologies;
- Harden federal networks (the civilian .gov domain);
- Reduce risk at soft targets;
- Enhance election security; and
- Protect critical infrastructure that includes industrial control systems and the processes that provide vital services in critical infrastructure.
- Dynatrace (Booth: 445)
Dynatrace (NYSE: DT) exists to make the world’s software work perfectly. Our unified software intelligence platform combines broad and deep observability and continuous runtime application security with the most advanced AIOps to provide answers and intelligent automation from data at enormous scale. This enables innovators to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences. That is why the world’s largest organizations trust the Dynatrace® platform to accelerate digital transformation.
- EchoMark (Booth: 170)
Enterprise Software as a Service (SaaS) startup providing innovative information security and privacy products to enable the seamless flow of private information.
- Endace (Booth: 275)
Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.
- Entrust (Booth: 360)
Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.
- F5 (Booth: 200)
F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.
- Fastly (Booth: 200)
Expectations for websites and apps are at an all-time high. If they aren’t fast, secure, and highly personalized, users take their business elsewhere. But today’s most innovative companies are thriving by meeting this challenge head on: they’re choosing Fastly and an investment in their developers.
With Fastly’s powerful edge cloud platform, developers get the tools they need to build the most groundbreaking apps — all optimized for speed, security, and scale — so businesses can effectively transform to compete in today’s markets. Together, we’re building the future of the web.
- ForeScout Technologies, Inc. (Booth: 200)
ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.
- Fortinet (Booth: 420)
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- Google Cloud (Booth: 130)
Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.
- Illumio (Booth: 160)
We built the Illumio Adaptive Security Platform (ASP)™ to provide unprecedented visualization and control of enterprise applications. Our system constantly inspects and adapts to the computing environment it is protecting, without pause.
Moreover, since 75 percent of computing interactions never leave the data center, our customers can now have complete visibility behind the firewall, whether it is running in their data center or the vibrant public cloud services of Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, and many others.
- Immersive Labs (Booth: 120)
The leader in people-centric cyber resilience.
- Washington State InfraGard (Booth: TBD)
InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.
The Evergreen InfraGard Members Alliance operates in Washington State and has over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”
- ISC2 Seattle Chapter (Booth: TBD)
Bringing like-minded professionals together in the Greater Puget Sound region to discuss current tactics, techniques, and procedures within cybersecurity.
- ISSA Puget Sound Chapter (Booth: TBD)
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.
- Keysight (Booth: 225)
Keysight’s portfolio of network security solutions simulates threats, eliminates blind spots, and takes control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulate attacks, expose gaps early, and course correct with step-by-step fixes; protect users and applications with increased efficiency, performance, and reliability of your security systems; patrol every packet, eliminating vulnerable blind spots and decrypting threats hiding in SSL traffic; and practice your cyber skills, enhancing your security and attack response skills against real-world threats.
- Menlo Security (Booth: 280)
The Menlo Security approach delivers 100% safety via isolation — stopping the never-ending search for risky content, while delivering a seamless end-user experience. Deployed in a public or private cloud, the Menlo Security Isolation Platform reduces security complexity and increases scale by eliminating end-point software and out-dated appliances.
- National Cybersecurity Alliance (Booth: TBD)
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- Netwrix (Booth: 100)
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact.
More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.
- Optiv (Booth: 200)
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- MySQL (Booth: 235)
MySQL Enterprise Edition includes the most comprehensive set of advanced features, management tools and technical support to achieve the highest levels of MySQL scalability, security, reliability, and uptime. It reduces the risk, cost, and complexity in developing, deploying, and managing business-critical MySQL applications.
- Observo.ai (Booth: 460)
Stop overspending on observability. Observo.ai is an AI-based Observability pipeline that helps you save more than 50% on log management costs and reduce issue resolution time by over 40% without any rip and replace.
- Ordr (Booth: 330)
In the hyper-connected enterprise, in which everything from simple IoT devices to complex multi-million-dollar systems are connected, traditional agent-based and human-generated security models simply cannot scale. Ordr solves this problem, providing enterprises with complete visibility and exhaustive control over every class of network-connected device and system. The Ordr Systems Control Engine is the only purpose-built solution to fully map the device flow genome at massive scale, using machine learning to completely and continuously inspect, classify and baseline the behavior of every device. Ordr’s software architecture is unique in its ability to process enormous quantities of data in real-time, using sophisticated AI to deliver closed loop security, automatically generating policies for each class of device and implementing those policies directly through the organization’s existing multi-vendor network and security infrastructure.
- Radiant Logic, Inc (Booth: 315)
Radiant Logic is the only solution delivering enterprise-wide identity hygiene at scale, reducing risk and accelerating time to value.
Our central intelligence hub unifies 100% of an organization’s identity data, delivers 360º observability into your fully harmonized data, and leverages AI powered by deep learning and real-time processing, turning analytics into actionable business intelligence with unmatched precision.
We make identity work so your business doesn’t just keep up—it outperforms in every way.
- Robert Half (Booth: 270)
Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.
- Rubrik (Booth: 370)
Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.
- SailPoint (Booth: 375)
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- Silverfort (Booth: 410)
Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.
- Snyk (Booth: 210)
Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.
- Sophos (Booth: 335)
Sophos delivers superior cybersecurity outcomes by providing cybersecurity as a service to protect companies of all sizes from the most advanced cyberthreats. Our cybersecurity products and services include managed detection and response (MDR), firewall, email, endpoint (XDR), and cloud native security protection. Sophos products and services defend against ransomware, phishing, malware, and more. They connect through the cloud-based Sophos Central management console and are powered by Sophos X-Ops, our cross-domain threat intelligence unit. We provide fully managed security solutions so you can manage your cybersecurity directly with our security operations platform. Or, you can supplement your in-house team with Sophos’ products and services.
- Splunk (Booth: 220)
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- Strike Graph (Booth: 245)
We provide businesses with a compliance operation and certification platform that empowers them to build trust and unlock revenue at a fraction of the cost and time of traditional solutions.
- Synopsys (Booth: 325)
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- Tenable (Booth: 200)
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- Tevora (Booth: 320)
Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.
- Tufin (Booth: 260)
As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.
- Varonis (Booth: 180)
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- Veeam Software (Booth: 365)
Veeam provides a single platform for modernizing backup, accelerating hybrid cloud and securing data. Veeam has 400,000+ customers worldwide, including 82% of the Fortune 500 and 69% of the Global 2,000. Veeam’s 100% channel ecosystem includes global partners, as well as HPE, NetApp, Cisco and Lenovo as exclusive resellers, and boasts more than 35K transacting partners worldwide.
With offices in more than 30 countries and over 200 industry awards, Veeam is unquestionably the leader in data protection across all environments. In fact, Veeam has been positioned by Gartner, Inc. in the Leaders quadrant of the 2022 Magic Quadrant for Enterprise Backup and Recovery Solutions. Not only does this mark the sixth consecutive time Gartner has recognized Veeam as a Magic Quadrant Leader, but it is the third consecutive year Veeam is positioned highest overall in ability to execute.
- Wiz (Booth: 430)
We’re on a mission to help organizations effectively reduce risks in their Cloud environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don’t waste time.
Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and DevOps teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches. For more information, visit www.wiz.io.
- WiCyS Western Washington Affiliate (Booth: TBD)
- ZeroFox (Booth: 190)
Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.
Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.
- Zero Networks (Booth: 150)
Zero Networks fixes the root cause of most successful cyberattacks—overly open networks and excessive logon permissions—with a simple, fully automated platform for zero trust segmentation and remote access. Zero Networks learns and automatically restricts network and user access to what’s strictly essential, leveraging multi-factor authentication to stop attacks from spreading.
- Kip Boyle, Instructor (vCISO, Cyber Risk Opportunities LLC)
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor (Sr. Cybersecurity Consultant, Wilson Cyber)
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- William Lidster, Moderator (CISO, AAA Washington)
William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.
In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.
Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.
William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.
- John Brennan (Managing Partner, Holly Ventures)
John Brennan is the Managing Partner of Holly Ventures, a seed stage venture capital fund that exclusively invests in and supports cybersecurity entrepreneurs at their earliest stages. John has invested in over twenty security startups, with a focus on supporting founders from day one. Having previously served as a Senior Partner at YL Ventures, John's past portfolio work includes Axonius, Orca Security, Medigate, Hunters, Cycode, Vulcan Cyber, Spera, and many others. John holds an MBA from the University of Chicago and a Bachelor of Science from Trinity College in Connecticut.
- Zabrina McIntyre, Host (WiCyS BISO Affiliate)
Zabrina McIntyre is a Director with KPMG focusing on large scale cybersecurity transformations for clients with a focus on compliance. She holds the CISSP and PMP certifications and is working on her PCI QSA. She is a dedicated supporter of Women in Cybersecurity (WiCyS) and is currently on the leadership board for the Business Information Security Officer (BISO) Affiliate.
- Mike Hughes (CISO, REI)
As the Chief Information Security Officer at REI, I lead a team of cybersecurity professionals who are passionate about protecting the company's data, systems, and customers. I have over 10 years of experience in cybersecurity, spanning various domains such as incident response, forensics, malware analysis, network security, and data protection.
My mission is to bring honesty, transparency, and integrity to the cybersecurity function, and to partner with other technology and business teams to ensure a balanced and pragmatic approach to our common goals. I leverage my expertise in cybersecurity strategy, policy, governance, and risk management to enable REI's growth and innovation. I also foster a culture of security awareness, education, and empowerment across the organization.
- Ambrish Srivastava (Global Head of Cybersecurity, Expedia Group)
Highly experienced & technically proficient leader with extensive experience in security engineering, product development, operations and compliance. Laser focused on Security architecture, design & implementation, risk reduction, compliance & business orientation. Strong cross-functional skills due to extensive experience in Information Security, Production Support, Software Security and Compliance, Infrastructure and Project Management. Experienced in Cloud Security, System Administration, Networking, Project Management, Process Re-engineering. Result oriented, with a demonstrated ability to effectively respond to changing demands.
- Adam Zoller (SVP & Global CISO, Providence)
Adam Zoller is the Chief Information Security Officer for Providence, a system of passionate providers focused on partnering with people to simplify health care. With 50+ hospitals, 1000+ clinics, and hundreds of locally driven programs administered by over 120,000+ caregivers, Providence is improving the health of communities, especially the poor and vulnerable. In this role, Adam is responsible for driving information security strategy and execution across the organization's information ecosystem.
- Lisa Plaggemier, Moderator (Executive Director, National Cybersecurity Alliance)
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Matt Hoffmann (CIO, KORE Software)
Matt Hoffmann is a technology executive with 20+ years in the industry working across development, privacy, security, IT, infrastructure and devops. Throughout his career he has primarily worked with private-equity backed SaaS companies and has been the point person on multiple mergers and acquisitions on both the buy and sell side. In his current role as CIO of KORE Software, he manages engineering, devops, IT and security for a market leading product suite that serves professional sports and entertainment organizations. Working with some of the largest sports and entertainment teams and venues in the world has given him the opportunity to be hands-on with real-world data privacy challenges, large scale infrastructure projects and high-consequence security deployments.
- Jake Bernstein, Esq., Partner - Data Protection, Privacy & Security Group, K&L Gates
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Vanessa Pegueros, Board Member, Cybersecurity Leader, Angel Investor
Vanessa is an accomplished technology executive with over 30 years of experience. Currently she serves as a Corporate Board Director of the public company Liveperson (NASDAQ: LPSN), Boeing Employee Credit Union, and Prisidio. Formerly she was on the board of Carbon Black (NASDAQ: CBLK) and was part of the transaction to sell Carbon Black to VMware. Vanessa is also very active in angel investing and is a venture partner for Flying Fish Partners.
Vanessa has held senior leadership positions at organizations such as DocuSign, Expedia, U.S. Bank, and AT&T Wireless. Her expertise spans various domains, including technology architecture and engineering, risk management, cybersecurity, and compliance. Vanessa has a proven track record of successfully building and leading high-performance cybersecurity teams, implementing robust security frameworks and controls, and driving cultural change to foster a strong security mindset within organizations.
Vanessa's educational background includes an MBA from Stanford University, an MS in Telecommunication from the University of Colorado, Boulder, and a BS in Engineering from UC Berkeley. She also holds various cybersecurity certifications, including CISSP, CRISC, CISM, and GSEC. Relative to her board work, she holds the National Association of Corporate Directors (NACD) Director Professionalism certification.
- Erika Voss, CISO, DAT Freight & Analytics
Erika Voss offers two decades of extraordinary success in a series of high-level roles at top-tier companies that include Capital One, Salesforce, Oracle Public Cloud, Microsoft Corporation, and Amazon Web Services.
Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.
Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies, procedures, and best practices for security, including application security, access control, authentication, third-party risk management, and intrusion detection. Dr. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.
With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has successfully positioned companies as leading experts in their fields with respect to foundational security basics, fraud, identity, and cloud security practices, contributing to the following successes:
● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually identifying opportunities to reinforce the company’s security posture.
● Engages directly with customers, providing information and guidance on the company’s security posture.
● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements, including SOC2, PCI, SOX, and other industry regulations.
Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations in high-stakes environments throughout her career, positioning herself as a key member of each company and a driving force for growth.
Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.
- Jake Rasko, Moderator, Head of Security Engineering & Architecture, DAT Freight & Analytics
Jake Rasko is a passionate technology leader with an unwavering belief in the transformative power of technology to change the world. With a diverse career spanning both IT and Security, he has honed his expertise in building, running, and maintaining critical infrastructure securely at a global scale.
Over the course of Jake’s professional journey, he has been a part of notable organizations such as Cruise, Salesforce, and most recently, HashiCorp. Now, as the Head of Security Engineering and Architecture at DAT Freight & Analytics, he is dedicated to building a more secure future for the nation’s supply chain.
With a career that began at the help desk and has since soared to leadership positions in global technology companies, Jake exemplifies the power of continuous growth and learning in the technology industry. His journey is a testament to his adaptability, vision, and unwavering commitment to leveraging technology for positive change.
- Elizabeth Schaedler, Security Advisor, Splunk
Elizabeth Schaedler is a Splunk Security Advisor who works with customers to develop strategies aligning security and business risks and to use risk-based alerting to address fraud. Elizabeth has an expansive 20-year data center and security background and has spent time in the HPC world in senior positions at Cray Research, HP, RSA, Sun Microsystems, and IBM. She lives in Portland, Oregon, and she and her husband are currently spending their free time clearing out Legos and Barbies left behind by two adult children.
- Nicholas DiCola, VP, Customers, Zero Networks
Nicholas DiCola is a Security Jedi and the VP of Customers where he leads a global team. Before joining Zero Networks, Nicholas led the Cloud Security Customer Experience Engineering team helping customers unblock deployments and improving products. He also spent 22 years with the United States Marine Corps and retired as a Defensive Cyberspace Weapons Officer after 22 years of total service. He received a Bachelor of Science in Computer Networking and Master of Business Administration from Strayer University. He is a co-author of several books and holds many certifications such as CISSP and CEH. You can follow him on Twitter @MasterSecJedi, GitHub (https://github.com/dicolanl), and LinkedIn (https://www.linkedin.com/in/ndicola/).
- Brian Shea, BISO & Sr. Director of Security, Salesforce
Brian is an IT Executive with 29 years of experience spanning Security Operations and Support, Compliance, Risk Management, Technology Innovation, and IT Operations and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.
- Adedolapo (Ade) Gonzalez, Sr. Director, Security GRC & Data Security, Docusign
Ade Gonzalez is a Senior Director of Security GRC and Data Security at Docusign. With over 15 years of experience, her expertise spans building and managing high-performing teams and delivering board-critical programs around Security Governance, Strategy, Risk, Compliance, Data Protection, and Cloud Security across various industries (financial services, technology, insurance, and so on).
She also has experience working in different regions across the globe, with established presence in South Africa, Ireland, the UK, and the US. She holds a Masters (Cum Laude) in Computer Engineering, majoring in Artificial Intelligence. During her spare time, she enjoys travelling, food, exercising/fitness-related activities, and spending quality time with her family, especially with her 3-year-old daughter and miniature schnauzer.
- Michelle Linders Wagner, VP, Head of Internal Audit, Docusign
Michelle Linders Wagner, a seasoned risk management executive, brings 25+ years of experience in enhancing compliance and risk posture for Fortune 500 firms. With cyber, compliance, and audit expertise, she builds high performing teams, swiftly identifying fit for purpose solutions that align with business strategy. While she is currently loving her job as the Head of Internal Audit at Docusign, Michelle has loved her prior positions, as well. At Deloitte, she transformed the global risk function; as an executive at Costco, she ran the second line of defense where she matured the global governance, risk, and compliance function; and at SAP, she drove high-priority risk and governance initiatives. Committed to excellence, Michelle excels in leading teams to solve intricate risk challenges.
- Tony Steffe, Principal Sales Engineer, CISSP, Illumio
Tony is a knowledgeable technical professional with 25+ years of experience developing, integrating, and leading technology projects for enterprise customers. He is effective in sales engineering, Internet security, project management, and computer networking. A skilled life-long student of managing the personal and technical challenges that arise from building something new.
- Tim Gallo, Head of Global Solutions Architects, Google Threat Intelligence
Tim Gallo is the Head of Global Solutions Architects at Google. He specializes in Cyber Threat Intelligence and Risk, covering everything from Intelligence Operations and Cyber Threat Profile development to risk-based analytic approaches to Security Operations. He joined Google Cloud through Google’s acquisition of Mandiant in 2022, having spent 5 years at Mandiant prior to the acquisition in a variety of field-facing roles covering the aforementioned topics. Before joining Mandiant, Tim leveraged his over 20 years’ experience in information security and intelligence operations to aid in the development and deployment of a number of solutions, including building client and organizational expertise in Intelligence Led Security and Business Operations. This included the development and product management of some of the first cyber intelligence solutions ever brought to market. These solutions have included threat and vulnerability management tools, IOC prediction algorithms, intelligence services, and strategic intelligence consulting. Today he spends his days helping clients understand the importance of Intelligence as a guiding principle for building out effective security processes and operations, and helping clients and vendors find ways to leverage technologies responsibly to build their cyber defense centers and security operations practices. Every once in a while he can be found out in the desert, sometimes on his Harley with a flamethrower, sometimes with just a flamethrower.
- Dennis Mastin, Solutions Architect, CyberArk
Dennis Mastin, CISSP, is a security professional focused on securing the identities of humans and automated workloads. He has been in industry for over 30 years as a software engineer, field sales specialist, and consultant. The past two decades, Dennis focused on Identity and Access Management while at Netscape, Sun Microsystems, and Oracle. Currently, Dennis helps CyberArk customers realize the benefits of securing identities across a wide range of industries.
- Dan Migliore, Solutions Manager, West Region, Fortinet
Dan Migliore brings over 25 years of experience in the cybersecurity space, with an extensive security related background contributing to industry leaders such as VeriSign, Varonis, Accellion, and Verint. Currently, he serves as a Regional Manager at Fortinet, where he has dedicated the last six years to advancing enhanced security technologies.
Founded over 20 years ago in Sunnyvale, California, Fortinet is a leader in the evolution of cybersecurity and the convergence of networking and security. With a mission to secure people, devices, and data everywhere, Fortinet boasts the largest integrated portfolio of over 50 enterprise-grade products. Trusted by more than 755,000 customers, Fortinet’s solutions are among the most deployed, patented, and validated in the industry, reflecting Dan’s commitment to delivering proven cybersecurity everywhere it’s needed.
- Paul Underwood, COO, Emagined Security
Paul Underwood is currently the Chief Operating Officer at Emagined Security. Paul has over 30 years of experience working in the Information Security space, including 8 years with the US Air Force. Paul was a principal at Digital Signature Trust back in the ’90s, working on Public Key Cryptography and utilizing Hardware Security Modules to create trusted Root Certificates for browsers, including the first Entrust Root Certificate to be published in a browser. His experiences have led him to be a knowledgeable and experienced Trusted Security advisor for many Fortune 500 customers over the years.
- Krista Arndt, Associate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Chris Niggel, Moderator, Regional CISO, Okta
Chris is the Regional CISO, Americas at Okta, where he is responsible for corporate security compliance, third-party risk, and responding to customer security inquiries. Prior to Okta, Chris spent 6 years leading the adoption of Cloud Technologies at LinkedIn, helping them grow from 350 to over 6,800 employees. He started his career designing, developing, and delivering content management, system administration, and messaging solutions for customers such as Nestle, Cisco, AMD, Telus, and the US Department of Defense. During the winters, Chris has almost 15 years’ experience in ski patrol, search & rescue, and teaching ski mountaineering & outdoor survival.
- John Gardiner, COO & CFO
Winning in the software industry doesn’t come from faking it or even making it. Instead, it takes being great at it, because being exceptional results in a sustainable competitive advantage. Having been a part of great companies that have been honored with awards from Inc. 5000 Fastest Growing Companies, Deloitte Fast 500, Top 50 Best Places to Work in America, and Inc. Best Workplaces, as well as being named #7 on Glassdoor’s Best Places to Work in America, John Gardiner knows what it takes to be great. His strategic leadership includes serving in numerous high-growth software companies as the President, Chief Operating Officer, Chief Strategy Officer, and CFO, including the most successful investment in TA Associates’ 56-year history, earning a stunning 6013% ROI. A strong proponent of the Trust Product Practice, he knows the value it brings to an organization’s business practices, culture, competitive differentiation, brand, and growth.
- Sabino Marquez, CISO & Chief Trust Officer
Sabino Marquez' approach to leading cybersecurity as a ‘Trust Product Practice’ has led to substantial returns on security investments, higher value-generation velocity, and enhanced equity valuations. Sabino leads the Trust Product organization as a go-to-market leader, working alongside the productive business to enable and defend value, and transforming stakeholder Trust into a powerful tool for competitive differentiation. Within his key areas of focus, Sabino ensures robust protection mechanisms are in place for stakeholder interests while also leveraging organizational Trust as a distinct advantage in a competitive market landscape. His work has not only brought him recognition as ‘2023 C100 Winner’, but he is also an esteemed thought leader who frequently shares insights in Security Magazine, The Wall Street Journal, and Cyber Security Tribe.
- Lalitha Subramanian, Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington
Lalitha Subramanian, Program Management Director at University of Washington Continuum College, has over a couple of decades of experience designing, developing, and delivering large-scale learning and development strategies and certification programs that empower working professionals to build the right strengths, skills, and behaviors for organizational success and career progression. She has proven success coaching industry experts, university instructors, and private company leaders to evolve educational offerings and adopt new technologies with accessibility standards, and has designed exemplary learner-driven digital education offerings to meet the needs of a dynamic global marketplace. Her expertise in educational pedagogical practices incorporating DEIBJ best practices for both in-class and virtual/online environments has been recognized at the unit, university, and national levels.
- Alejandro Ayala, Curriculum Developer and Integrator, NCAE Co-Op, Norwich University
Alejandro Ayala is a rising professional in the field of cybersecurity, pursuing a PhD in 2025 through an NSF Fellowship. Alejandro currently serves as a technical lead, ensuring program integration across multiple universities and industry. Alejandro contributes to the University of Washington’s Certificate in Risk Management in multiple roles. He is the co-founder and President of CyberAlumni, a community of practice focused on continuous professional cybersecurity education across the NCAE Schools. Alejandro has published on innovations in cybersecurity education in the Colloquium for Information Systems Security Education (CISSE), Springer Journal, Future Technologies Conference, and the Human Computer Interaction International Conference.
- Trevor Dunlap, Principal Research Scientist, Chainguard
Trevor Dunlap is a Principal Research Scientist at Chainguard. Trevor obtained a Ph.D. in Computer Science focusing on automatically enhancing vulnerability data to help provide richer information. He has been involved in research ranging from access control and robocalls to the use of large language models in security domains. Beyond his technical expertise, he is a passionate advocate for securing open source software.
- Shaun Stalker, Regional VP, Security Solution Sales, NORAM, Dynatrace
Shaun M Stalker, a seasoned professional in the technology sector for over 28 years, has dedicated the last 19 years to the field of cyber-security. He has collaborated with CISOs and security teams, aiding them in enhancing their security posture and mitigating evolving threats. His expertise spans across application security, threat hunting, Zero Day Threats, DLP, Insider Threats, and Zero Trust. Presently, he holds the position of one of the two RVPs for Dynatrace’s Security Solutions team in North America. Outside of his professional life, Shaun is a proud father of five children and a doting grandfather to a four-year-old granddaughter.
- Kirsten Stoner, Technologist, Product Strategy Team, Veeam
Kirsten Stoner is a Technologist on the Product Strategy team at Veeam Software. With 10 years of software experience, Kirsten has a specialized focus in all things data management including storage, cloud, cybersecurity, and analytics. Through her years working at Veeam, she leads the creation of technical content for product demonstrations, webinars and digital written collateral, engaging audiences globally. Kirsten holds the Veeam Certified Engineer (VMCE) credential with a drive to continuously learn more about customer pain points and the technologies they use to overcome them.
- Erez Tadmor, CTO, Tufin
Erez Tadmor holds a two-decade career in the ever-evolving information security field, marked by his diverse background in managing various product portfolios and verticals. His expertise spans cloud and network security, automation & orchestration, IAM, and fraud detection and prevention. As Tufin's Field CTO, he bridges the gap between customers, marketing, and product teams, educating stakeholders on network security technologies, cybersecurity best practices, and Tufin's solutions. Erez holds a track record of strong leadership in both enterprise and startup cybersecurity product management and strategy development.
- Mukesh Dixit, Moderator, CTO, Washington State Department of Labor and Industries
Chief Technology Officer at Washington State Department of Labor and Industries. Expert level grasp on IT Security governance and management of security in application, infrastructure and cloud domains. Spearheaded teams to do FedRAMP assessments of major cloud service provider giants in the industry. Certifications include CISSP, CCSP, CISA, PCIP, PMP, and AWS-SAA. Formerly PCI-QSA certified with a PCI assessor.
- Chirag Patel, Senior Attorney, Clark Hill LLP
Chirag H. Patel is a solution-oriented technology and commercial attorney with extensive experience in emerging technologies, artificial intelligence (AI), data privacy, cybersecurity, contracts, e-commerce, and trade secrets. His multi-channel experience encompasses compliance, transactional review, and litigation.
Chirag’s practice spans diverse industries, including software, e-commerce, cryptocurrency, healthcare, financial services (traditional and FinTech), cannabis, commercial construction, and hospitality sectors.
His litigation practice includes multimillion-dollar contract disputes, high-stakes consumer class actions, and novel technology issues. Recent cases include national data breach class actions, privacy and wiretapping claims (CIPA), AI discrimination claims, software service (SaaS) and implementation contract disputes, business email compromise, cryptocurrency injunctions, and right of publicity cases.
Chirag’s compliance practice focuses on AI, data privacy, and e-commerce. This includes development and advising on AI Acceptable Use Policies (AUPs), AI Audits, data privacy laws, and e-commerce laws. Among other regulatory regimes, Chirag has advised clients on compliance with the HIPAA Privacy Rule, the California Restore Online Shoppers Confidence Act (ROSCA), California Consumer Privacy Act (CCPA), California Automatic Renewal Law (CARL), and Federal Trade Commission (FTC) regulations.
Chirag has experience with commercial contract review and transactions. He conducts master contract reviews in various industry settings covering issues such as intellectual property rights, data ownership, and terms of service. He also has full-cycle M&A experience, including conducting privacy and cybersecurity due diligence.
- Danny Manimbo, Principal | ISO Practice Director | AI Assessment Leader, Schellman
Danny Manimbo is a Principal with Schellman based in Denver, Colorado. As a member of Schellman’s West Coast / Mountain region management team, Danny is primarily responsible for leading Schellman's AI and ISO practices as well as the development and oversight of Schellman's attestation services. Danny has been with Schellman for 10 years and has over 13 years of experience in providing information security and data privacy audit and compliance services. Danny has achieved the following certifications relevant to the fields of accounting, auditing, and information systems security and privacy:
• Certified Public Accountant (CPA)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Internal Auditor (CIA)
• Certificate of Cloud Security Knowledge (CCSK)
• Certified Information Privacy Professional – United States (CIPP/US)
- Kent Blackwell, Director, Penetration Testing Team, Schellman
Kent Blackwell is a Director at Schellman, helping lead their penetration testing and offensive security practice. Kent has over fifteen years of experience serving clients in a multitude of industries, including the Department of Defense and top cloud service providers. He got his start in penetration testing evaluating systems as a civilian with the Air Force before later joining Schellman to help build the security practice. A security and privacy enthusiast, Kent is passionate about ensuring people can have confidence in the platforms to which they entrust their data.
- Karim Fanadka, Director of Software Engineering, Salesforce
As the Director of AI Infrastructure at Salesforce, Karim leads a key team responsible for designing and implementing cloud-based infrastructure and platform tools for the Salesforce AI Platform. Karim and his team focus on architecture, scaling, performance optimization, and infrastructure development to enhance system performance and scalability. They also create methodologies, tools, and frameworks that play a significant role in the 'go-to-production' process for an auto-scaled cloud system.
- Milosz Goralczyk, Lead Software Engineer, Salesforce
Milosz Goralczyk is a Lead Software Engineer, Scrum Master, Security Champion, and VTO rockstar for the AI Platform team at Salesforce. He owns services in model training areas for Generative AI and Predictive AI, expanding Salesforce Einstein AI impact in cutting-edge AI products. With a deep passion for ML, experimentation, and security, he plays a pivotal role in driving innovation and ensuring robust security standards within his team. Prior to his role at Salesforce, he contributed to Microsoft's Bing and Azure Active Directory, as well as several CRM-focused companies. An entrepreneur at heart, Milosz has founded and successfully managed two companies. He earned his master’s degree with honors from the Military University of Technology, where he published research papers from his work on object-oriented databases.
- Kaustubh Sarkar, Lead Product Security Engineer, Salesforce
- Eric Warfel, Moderator, Director of Strategy & Operations, AI Platform, Salesforce
Eric is the Director of Strategy & Operations for Salesforce's AI Cloud, where he works on the company’s Trust commitments and leads strategic cross-functional initiatives. He is privileged to work with an exceptional team dedicated to delivering the most trusted AI CRM software on the market.
Before joining Salesforce, Eric built and led teams in the payments and Fintech industries, focusing on product innovation, business operations, and program management. His career includes roles at Visa, Citi Ventures, PayPal, Gap, and more.
A Silicon Valley native, Eric has lived and worked across Europe, earning his MBA from the Grenoble Graduate School of Business in France. He now resides in Silicon Valley with his family.
- Jake Bernstein, Esq., Vice President, ISC2 Seattle Chapter
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Agnieszka (Agnes) Goss, Treasurer, ISC2 Seattle Chapter
- Jean Pawluk, Director at Large, ISC2 Seattle Chapter
Jean is an Executive Consultant, ISSA Distinguished Fellow, and honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).
- Frank Simorjay, Moderator, President, ISC2 Seattle Chapter
Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for the Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, which includes the PCI automation blueprint. Frank has written an extensive library of papers and blogs (http://cloudntech.blogspot.com/).
- Happy Hour
- Kip Boyle, Instructor, vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Lisa Plaggemier, Executive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Jenifer Clark, Information Security & Compliance Engineer, Costco Wholesale
Experienced Information Security Professional with a demonstrated history of working in the retail industry. Skilled in Operations Management, Sales, Management, Point of Sale (POS) / Fuel Systems, and Inventory Control. Strive to find ways information security can enable and support business and operations teams with solutions. Actively support public/private partnerships with local and federal agencies with emphases on infrastructure, cyber security and community outreach.
- Jerry Petru, CISSP, CISM, FBCS, CITP, President, Washington State InfraGard Chapter
Mr. Petru is the President of the Washington State InfraGard Chapter and a Fellow of the British Computer Society, The Chartered Institute for IT. He is an innovative and technically sophisticated professional, offering substantial years of broad-based experience in evaluating large corporate systems. Powered with a comprehensive background in development and implementation, he has authored more than forty-seven different courses based on AIX, Encryption, Linux, Networking, Security, and Virtualization technologies, teaching to an audience of tens of thousands around the world for the past twenty-five years. Mr. Petru has spent more than two years in Ukraine over the past 20 years and has seen much change. Equipped with a proven track record of success in designing and implementing system and policy based on Confidentiality, Integrity, and Availability, to meet business continuity and disaster recovery for long-range strategic plans of Fortune 100 Companies. Mr. Petru is armed with stellar qualifications in all facets of project lifecycle development, from initial analysis and conceptual design to implementation, quality review, and enhancement to optimize operational efficiencies that improve business and IT operations.
- Maggie Amato, Sr. Director, BISO, Salesforce
Maggie Amato is a dynamic cybersecurity leader with deep expertise in cloud security, AI security, and risk management across technology, healthcare, and federal sectors. As the Business Information Security Officer (BISO) for AI Cloud + CRM Apps at Salesforce, she plays an integral role in advising two Chief Technology Officers on holistic risk management strategies that align with the evolving demands of cutting-edge technologies. Throughout her career, Maggie has been at the forefront of innovation, leading the development of AI-specific security programs, advancing cloud security initiatives at Aetna, and forging impactful public-private partnerships in healthcare. Her leadership and strategic vision have consistently driven transformative security solutions that strengthen organizational resilience.
- Rob Davidson, CISO, Pacific Blue Cross & PBC Solutions
Rob Davidson brings many years of experience to his role as Chief Information Security Officer at Pacific Blue Cross and Pacific Blue Cross Solutions. His career started with Dell Canada and has progressed through several senior strategic and leadership positions at industry-defining organizations such as Microsoft and Hootsuite. Prior to his recent return to Vancouver, Rob worked through an extended tenure at Microsoft, from the original basics of networking through the launch of the Global Azure Cloud services.
Rob holds an Executive MBA and maintains his original CISSP certification. He enjoys the opportunity to share with and learn from others who are like-minded in his passion for the Security of People, Information, and Technology.
In addition to his core work, you will also find him engaged in Board of Directors (and Board advisory) positions, volunteer opportunities, and working to mentor and assist the next generation of security professionals.
- William Lidster, Moderator, CISO, AAA Washington
William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.
In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.
Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.
William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.
- Nazira Carlage, CISO, LTK
A proven senior security leader that drives business-centric innovation through strategy, empowering independence, and inspiring the next generation of enterprise growth from small to large enterprise. Experienced security strategist from Cloud to Enterprise Architecture, change/transitional management, application security, product development, vulnerability assessment, security operations, security engineering, process improvement, and enterprise transformation. A visionary who serves as a catalyst for sustainable change by empowering organizations and people in achieving breakthrough results as they travel to secure digital transformations. A leader that nurtures and empowers teams through communication in fostering cross-functional collaboration and achieving the organization’s goals. A driver of continuous improvement who eliminates single points of failure, transforming complex obstacles into tangible solutions.
- Cynthia Damian, CISO, Valon
Cynthia Damian is the Chief Information Security Officer at Valon Technologies, an up and coming fintech company innovating the financial and homeowner industry through technology. Cynthia has over 20 years of experience in cybersecurity and risk management holding security leadership and practitioner roles across small to large scale, global organizations including top Fortune companies. She is a mission-driven, people-centric security leader focused on making an impact through building, maturing and innovating cybersecurity and risk organizations with a track record of effectively managing risk and driving high-value outcomes for the business – protecting companies, employees and customers.
Cynthia has worked across diverse industries including companies such as Twitter/X, Salesforce, T-Mobile, and Starbucks. She also serves as a Board member, advisor, and mentor for various professional organizations in the security and tech community and is passionate about enabling diversity, equity and inclusion in the field one step at a time.
- Becky Fricker, Head of Security Assurance and Operations, DAT Freight & Analytics
Becky Fricker is the Director of Information Security at DAT Freight & Analytics, where she plays a pivotal role in protecting the company’s digital infrastructure. She oversees Security Operations and Product Security, including areas such as Endpoint Protection and Response, Continuous Threat Exposure Management, Incident Response, and Network Security. Becky holds a Certified Information Systems Security Professional (CISSP) certification, a globally recognized credential that demonstrates her ability to design, implement, and manage a robust cybersecurity program.
Her extensive background in cybersecurity began with 13 years of service in the NJ Air National Guard, where she held critical roles such as Installation Spectrum Manager and Installation Security Systems Manager. After transitioning to the civilian sector, Becky continued to build her expertise as a Network Security Engineer at Cooper University Health Care. She later took on senior roles in the financial sector and at one of Southern California’s largest utility companies, focusing on information security within critical infrastructure.
Her academic credentials include an Associate of Science in Electronic Systems Technology, a Bachelor of Arts in Communication and Media Studies, and a Master of Science in Information Technology, specializing in Cybersecurity. Known for her adaptability, mentorship, and strong communication skills, Becky is an invaluable member of the DAT team, continuously driving improvements in the company’s information security programs.
- Erika Voss, Moderator, CISO, DAT Freight & Analytics
Erika Voss offers two decades of extraordinary success in a series of high level roles at top tier companies that include Capital One, Salesforce, Oracle Public Cloud, Microsoft Corporation and Amazon Web Services.
Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.
Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies, procedures, and best practices for security, including application security, access control, authentication, third party risk management, and intrusion detection. Dr. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.
With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has successfully positioned companies, as a leading expert in its field with respect to foundational security basics, fraud, identity, and cloud security practices contributing to the following successes:
● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually identifying opportunities to reinforce the company’s security posture.
● Engages directly with customers, providing information and guidance on the company’s security posture.
● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements, including SOC2, PCI, SOX, and other industry regulations.
Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations in high stake environments throughout her career positioning herself as a key member of each company and a driving force for growth.
Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.
- Panel Discussion
- Dr. Peter Holowka, Director of Educational Technology, West Point Grey Academy, Vancouver BC
Dr. Peter Holowka is passionate about digital transformation and technology leadership, particularly in education. His doctoral research was in cloud computing adoption and organizational leadership. His professional work and academic research centre on the digital transformation journey, particularly the journey from legacy systems towards the cloud. He has received multiple awards for leadership and academic excellence. He was recognized as Member of the Year by the CIO Association of Canada, and currently serves as the Past President of the Vancouver Chapter. Beginning his career as a network and web design specialist, Dr. Holowka also advises a number of businesses, educational institutions, and not-for-profit organizations.
- Aaron Hunt, Director, Information Security, KP LLC
An Information Security leader with experience establishing resilient security strategies and procedures enhancing the corporate security posture, through evaluation of risk, promoting security awareness and privacy training, management of incident response, managing relationships with customers and business partners, and ensuring continued compliance through internal, customer and certification security audits.
A proven leader, skilled in managing network and application operations, knowledgeable in many collaboration and web environments and successfully managed services and large scale projects. Experienced in several security frameworks, including ISO 27001, PCI DSS, HITRUST, NIST 800-53, HIPAA, GDPR and SOC.
- Marie Olson, Former Deputy Chief Privacy Officer (CPO), Boeing
- Jake Bernstein, Esq., Partner - Data Protection, Privacy & Security Group, K&L Gates
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Gowri Quick, BISO & Sr. Director of Security, Salesforce
Gowri is a mission-driven, people-centric senior cybersecurity leader with 15 years of experience in Threat Intelligence, Security Operations, Risk Management, and Compliance. As a former FBI agent, Gowri proudly served her country and has also worked in Corporate Security. She holds a Master's Degree in Information Science from the University at Buffalo. Currently, Gowri serves as a Business Information Security Officer (BISO) at Salesforce, advising the President of the Customer Success Group on information security matters. In this role, she represents the Chief Trust Officer when partnering with executive leadership to promote cybersecurity across the Enterprise units.
- Brian Shea, Moderator, BISO & Sr. Director of Security, Salesforce
Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, and IT Operations and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.
- Ian Riley, Sr. Security Operations Analyst, Blumira
Ian Riley is a seasoned cybersecurity professional with over a decade of experience in the IT world, including more than six years specifically focused on cyber security. His career highlights include roles as a Senior Security Operations Analyst at Blumira and Cloud Ops at Amazon Web Services (AWS). Ian's expertise lies in security incident response and system hardening, approaching cybersecurity from a defensive standpoint. With a strong background in both cloud operations and security analysis, Ian brings a wealth of knowledge and practical experience to the field of information security.
- Brian Vecci, Field CTO, Varonis
As Field CTO at Varonis, Brian supports a wide range of security and technology initiatives by helping Varonis’ customers and partners get the most out of the company’s products. In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 in technical marketing, led education and development, and now serves as the company’s Field CTO. He holds a CISSP certification and frequently speaks on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to Dark Reading and has made multiple appearances on CNBC. Brian holds a Bachelor’s Degree from The New School in New York City and graduated from The Lakeside School in Seattle, Washington.
- Observo.ai Representative
- Frank Simorjay, Moderator, President, ISC2 Seattle Chapter
Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com/).
- Mike LeFever, Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense; Representative to Pakistan, U.S. Embassy, Islamabad
Vice Admiral (Ret.) Mike LeFever, USN, currently serves as Chief Executive Officer for Concentric. Concentric is a risk management consultancy that specializes in delivering strategic security and intelligence services. In addition, he is a member of the network of national security experts for “The Cipher Brief,” a digital based conversation platform to connect the private sector with leading security experts.
Previously, Mike was the Chief Operating Officer for IOMAXIS, a US technology company specializing in cyber, communications, and computing solutions, and services. He also worked as a senior advisor, mentor, and speaker at the McChrystal Group, a leadership and management firm, engaging with senior executives across multinational companies on leadership, strategy, and change management.
Reflecting his deep experience with and commitment to developing high performance leaders and teams, Mike also served as a Performance Ambassador and Speaker for Liminal Collective and Arena Labs and as a senior advisor and mentor for leaders in private industry; the USG’s National Defense University senior level national strategy, leadership, and warfighting courses; and USG Joint Forces. He is also a member of the board of advisors at the National Security Institute at George Mason University, Antonin Scalia Law School and a participant on the Atlantic Council Counterterrorism Study Group.
Mike retired from the United States Navy after over 38 years of service, finishing his military career as the Director of Strategic Operational Planning at the National Counterterrorism Center, within the Office of the Director of National Intelligence. He also served as both the Commander of the Office of Defense Representative in Pakistan and the Commander of the Joint Task Force in Pakistan, leading all US Armed Forces in Pakistan between 2008-2011.
Throughout his career, Mike served in Navy and Joint leadership and command positions at every level. He led disaster relief and humanitarian efforts, the full spectrum of warfare operations, and counterterrorism and counterinsurgency operations. Renowned for his effectiveness in navigating cross-cultural, complex, and international environments and building high performance teams, his leadership was directly responsible for numerous significant achievements that protected and enhanced the national security of the United States. The hallmark of LeFever’s leadership was his commitment to build and promote lasting partnerships between the US and its key allies and coalition partners.
- Craig Spiezle, Moderator, Founder & President, AgeLight Advisory & Research Group
Craig Spiezle is the Founder and President of AgeLight Advisory & Research Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance of moving from a compliance mindset to stewardship. Craig is the Chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.
- Marc Menninger, Moderator, Information Security Officer, AstrumU
Marc Menninger is a seasoned corporate information security and risk management professional with more than twenty years of experience. He has held the Certified Information Security Systems Professional (CISSP) certification since 2000 and the Certified in Risk and Information System Controls (CRISC) certification since 2016.
Marc’s career started with his service as a Computer and Communications Officer in the U.S. Air Force from 1992 to 1997. During his tenure, he led a team of 19 UNIX administrators, managing mobile Top Secret fiber optic networks. He was stationed at Langley Air Force Base in Virginia and Barksdale Air Force Base in Shreveport, LA, and served a short tour in the Persian Gulf during Operation Desert Shield.
Transitioning to civilian roles, Marc has navigated through several technical and leadership positions, building his expertise across the United States—from Dallas to San Francisco and, ultimately, Seattle. His roles have included Vice President of Corporate Information Security at Washington Mutual Bank, Security Manager at PEMCO Corporation, Senior Security Manager at Lighthouse eDiscovery, and Director of Cybersecurity at A Place for Mom. Presently, he serves as the Information Security Officer at AstrumU.
Marc's specialty areas encompass Enterprise Risk Assessment, Information Security Program Management, Governance, Risk and Compliance, and more. He lives near Seattle, WA, with his family.
- Scott Benson, Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.
- Kathryn Patterson, Sr. Lead Information Security Business Manager, TIAA
Kathryn Patterson supports the Global Cybersecurity & Fraud Management organization at TIAA. In prior roles, she managed 3rd Pty Assessment, Regulatory Exam Mgmt and Audit support, and RCSA. Her career spans three industries: healthcare, telecommunications, and financial services, with additional background in program management, business resiliency and internal investigations. She prioritizes collaboration with business partners on best practices, communications, training, and development. Kathryn holds a BA in Organizational Leadership from the University of Oklahoma with a concentration in Criminal Investigations and Intelligence Analysis.
- Grant Asplund, Growth Technologies Evangelist, Check Point Software Technologies
For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.
- Wade Ellery, Field CTO & Sr. Technical Evangelist, Radiant Logic
Wade Ellery is Field Chief Technology Officer and Senior Technical Evangelist with Radiant Logic. Wade has extensive experience in enterprise IT direct and channel software, and services, sales and management. He has in-depth knowledge and experience in enterprise IAM, IGA, PAM, ZTA, risk and compliance and IT security challenges. Wade has consulted on some of the largest identity management solutions deployed across Federal and Commercial clients.
- Kevin Murphy, Moderator, Business Information Security Officer (BISO), T-Mobile USA
Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, a retired NSA intelligence officer, the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by myself). He holds the CISM, CISSP, CGEIT security certifications.
- Jaki Ferenz, SVP, Global Risk Advisor & Insurance, Marsh
Jaki Ferenz is a client risk advisor in the risk and insurance industry with over two decades of experience. She helps clients navigate operational and organizational risks to empower strategic business initiatives. Jaki has extensive experience and knowledge regarding privacy and security (cyber), errors & omissions, directors & officers, property & casualty, and workers' compensation risks, as well as insurance coverage needs. She ensures that her clients are well-prepared to navigate the ever-evolving landscape of cyber threats and protect their valuable assets.
- Jane E. Petoskey, Esq., Associate Attorney - Data Protection, Privacy & Security Group, K&L Gates LLP
Jane E. Petoskey is an associate at the firm's Seattle office. She is a member of the Technology Transactions practice group, and primarily services clients under the Data Protection, Privacy, and Security focus area. Jane is also a Certified Information Privacy Professional in the United States (CIPP/US) and Certified Information Privacy Manager (CIPM), and is a Fellow of Information Privacy (FIP).
Prior to joining the firm, Jane served as a technology transactions and data privacy associate attorney at the Seattle office of an AmLaw 100 firm. Through this role, Jane regularly advised clients of all sizes and industries through privacy and data security matters, including counseling on compliance with domestic and international privacy and data security laws and regulations, including the CCPA, COPPA, GLBA, HIPAA and HITECH, and GDPR.
- Jennifer Womack, Cybersecurity Operations, Puget Sound Energy
Jennifer Womack has worked for Puget Sound Energy since 2008. She has held various roles within Infrastructure Security, Compliance and Security & Risk. She currently is the Manager of Cyber Security Operations.
- Zabrina McIntyre, Moderator, Director, Advisory, KPMG; BISO, WiCyS
Zabrina McIntyre is a Director with KPMG focusing on large scale cybersecurity transformations for clients with a focus on compliance. She holds the CISSP and PMP certifications and is working on her PCI QSA. She is a dedicated supporter of Women in Cybersecurity (WiCyS) and is currently on the leadership board for the Business Information Security Officer (BISO) Affiliate.
- Hong-Lok Li, Chief Technology Officer, Alma Mater Society of UBC, Vancouver
Hong-Lok Li is the Chief Technology Officer at the Alma Mater Society of UBC Vancouver (representing 60,000+ UBC students). He has a strong technical background and 20+ years of experience in large organizations in a multi-platform, integrated computing environment. Hong is a Chartered Engineer (CEng) who earned his Master of Science (MSc.) in AI and Networking at the University of Essex in the United Kingdom. He is also a BCS (British Computer Society) assessor for the Chartered Engineer (CEng) Assessment. Hong believes in fostering a culture of innovation and collaboration and is always passionate about deploying technology to ensure resource optimization and operational excellence.
- Andrew Johnson, Solutions Architect, Washington Technology Solutions (WaTech)
Andrew Johnson is a Solutions Architect based in Olympia, WA. Andrew serves as the Principal Architect overseeing the state’s adoption of zero trust, Secure Access Service Edge, SD-WAN, and Secure Service Edge. Andrew is responsible to interconnect state government with cloud-based resources and external business partners. Andrew spearheads the state's adoption of new technologies enabling state government to leverage cutting-edge technology in serving the residents of Washington State. Additionally, Andrew modernized the state's DNS system, transitioning it to a hybrid DNS solution that handles both on-premise and cloud-based queries. Andrew is a retired Army Signal Warrant Officer.
- Patrick Massey
Director, Region 10, DHS CISA
Patrick Massey serves as the Regional Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Region 10 office in Seattle. CISA is committed to improving the security and resiliency of our nation’s infrastructure through collaboration with critical infrastructure owner/operators, governments, industry, and other stakeholders.
- Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.