Open Sessions
Conference Pass
SecureWorld Plus
VIP / Exclusive
- Thursday, April 22, 20218:00 amAdvisory Council RoundtableDiscussion topic to be announcedRegistration Level:
VIP / Exclusive
8:00 am - 8:50 amThis session is for SecureWorld Advisory Council members by invite only.
8:15 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:15 am - 8:50 amParticipating professional associations and details to be announced.
8:30 amExhibit Hall OpenRegistration Level:Open Sessions
8:30 am - 9:00 amLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.
9:00 amOpening KeynoteRegistration Level:Open Sessions
9:00 am - 9:45 am9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:00 amLocation / Room: Exhibitor FloorVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:00 amDeveloping an Effective Security Awareness ProgramRegistration Level:Open Sessions
10:00 am - 10:30 amSecurity Awareness is well known for being the “best bang for the buck” out of all the risk mitigation techniques, but is it really? For Security Awareness to be effective, it must change the behaviors of employees and ideally lead to a mature security culture in your organization. Many programs that do not use adult education techniques and neuroscience fail to achieve behavior change—and can even make things worse. Once employees start to have a negative impression about information security, feel helpless, or begin to consider remediation as punitive, great damage has been done to the security culture and this can be difficult to reverse.
This fun presentation will help you to gain an understanding about effective Security Awareness program creation and implementation, as well as to build buy-in for a mature security culture.
10:00 amI.A.M. What I Am: Building a Strong Identity and Access Management ProgramRegistration Level:Open Sessions
10:00 am - 10:30 amIdentity and Access Management has risen from a necessary evil to the “new perimeter” as applications migrate to the cloud. Having the right people aligned to your business processes with sound technology will propel your IAM program from the back office to business enabling function. This presentation will guide you on how to mature your existing identity and access management program, pitfalls to avoid, and tips to get your stakeholders on board.
10:00 amPractical Considerations When Verifying Your Vendors' Cybersecurity ControlsRegistration Level:Open Sessions
10:00 am - 10:30 amAs businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.
Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.
Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)
10:30 amNetworking BreakRegistration Level:Open Sessions
10:30 am - 10:45 amVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:45 amInsider Threats: A Multi-Pronged Approach to Protecting Your OrganizationRegistration Level:Open Sessions
10:45 am - 11:15 amInsider threats are a real danger and cannot be overlooked. While deploying the latest secure system to fight against cyber threats is a decent strategy, you must also implement an effective insider threat system for an overall cybersecurity solution. An insider threat program cannot be brought off the shelf, but is a continuous process to identify and detect an incident as it occurs. Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)
10:45 amLeveraging Culture to Optimize Information SecurityRegistration Level:Open Sessions
10:45 am - 11:15 amTo build a culture that optimizes security, an organization needs to set information security leadership appropriately. Strategically, it needs to understand the organization’s risk tolerance, codify it as policy, and communicate it. Based on risk tolerance, it needs to create a roadmap that moves the organization from ad hoc and compliance-based cultures to one that’s risk-based. Tactically, security management needs to regularly drive buy-in for risk tolerance and policy. In addition, management needs to foster a culture that learns from incidents and failures rather than a culture that focuses on assigning blame.
10:45 amBuilding Blocks to Achieve Cloud SecurityRegistration Level:Open Sessions
10:45 am - 11:15 amCloud computing has entered its second decade, and its prevalence is increasing, as “cloud first” is gaining more popularity than ever. Despite its prolonged existence, cloud computing still suffers from confusion and hype over how to secure the cloud. Also, longstanding concerns such as cloud governance continue to muddle the opinions and approaches of CIOs, CISOs, architects, and IT leaders. This session is aimed to demystify the myth of cloud being insecure and will emphasize how to build the security blocks around cloud while using varied service and deployments of cloud computing.
11:15 amNetworking BreakRegistration Level:Open Sessions
11:15 am - 11:30 amVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
11:30 amAre You Ready for the Convergence of IIoT, OT, and IT Security?Registration Level:Open Sessions
11:30 am - 12:00 pmBusiness transformation and drive for smart factory initiatives has placed demands on business leaders to leverage relevant technologies to achieve the desire end goal of operational excellence. The technologies such as industrial internet of things (IIoT) are being layered on top of manufacturing floor machinery to provide that needed insight into business operations and productivity. These improvement and perceived operational excellence have come with cyber security risks which were not a common place in manufacturing space previously. It for this reason that there is now a convergence between operation technology (OT), Industrial internet of things (IIoT) and IT. This intersection is becoming very evident in manufactural, supply chain and traditional production organization or companies.
Most of these manufacturing machineries were never directly connected to the ethernet networks and as such the risk was very minimal. In some cases, these organizations had organized security based on perimeter controls such as data center firewalls, site firewalls, floor firewalls that provide segmentation or microsegment between corporate IT and manufacturing operation technology (OT space). However, if the individual devices that are connected on the OT side become compromised and the threat has access to that communication link, a hacker can push malicious data, cause denial of service (DoS), or introduce malware or viruses to the entire network — even if there is a secure communication link. There are many ways to run into problems on the OT/IoT front if companies are not careful in their network design security implementation. These increase the risk and a re-thinking of how to architect security appropriately to meet the ever-evolving threat landscape with relevant implications to OT/IIoT and larger enterprise network.
Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)11:30 amRansomware Incident Command and Lessons Learned for ManagersRegistration Level:Open Sessions
11:30 am - 12:00 pmThis presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.
11:30 amNew Remote Workforce: Privacy and Security Risks and MitigationsRegistration Level:Open Sessions
11:30 am - 12:00 pmThe sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.
12:00 pmNetworking BreakRegistration Level:Open Sessions
12:00 pm - 12:15 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
12:15 pmHey, Information Security: Be Part of the Digital Transformation or Be Left Behind!Registration Level:Open Sessions
12:15 pm - 1:00 pm“Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust. Join this session to learn how you can:
• Embed security into your culture, technologies and processes
• Empower innovation and expedite time-to-market through consistent security risk governance
• Assess the impacts, goals and methods of likely cyber attacks and incidents
• Align IT and security professionals with business objectives and risk tolerance
• Prepare now for effective detection and response to reduce business impacts of incidentsPresentation level: MANAGERIAL (security and business leaders)
12:15 pmLeveraging the Three Lines of Defense to Improve Your Security PositionRegistration Level:Open Sessions
12:15 pm - 1:00 pmDepending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
Presentation Level: MANAGERIAL (security and business leaders)12:15 pm[Panel] Addressing Weakness: Vulnerability ManagementRegistration Level:Open Sessions
12:15 pm - 1:00 pmNIST defines vulnerabilities as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” This panel will discuss current vulnerabilities and risk management through proper controls and best practices.
12:15 pm[Panel] Identity and Access Management: Zero Trust for the Win?Registration Level:Open Sessions
12:15 pm - 1:00 pmAuthentication used to be a discreet decision with the purpose of securing a single access point. Today, the ability to utilize many different types of authentication—from passwordless authentication, to certificate-based authentication, to adaptive and multi-factor authentication—is the foundation of a robust access management framework. With all the terms flying around out there—MFA, 2FA, Zero Trust, IAM, etc.—it’s hard to keep track of what is supposed to be working. Our experts will help demystify the jargon, provide best practices, and steer you away from common missteps.
12:15 pmExecutive RoundtableRegistration Level:VIP / Exclusive
12:15 pm - 1:00 pmDiscussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.
1:00 pmNetworking BreakRegistration Level:Open Sessions
1:00 pm - 1:15 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
1:15 pmMoving from Individual Contributor to Cybersecurity LeaderRegistration Level:Open Sessions
1:15 pm - 2:00 pmAre you feeling the call towards cybersecurity leadership? Just being a good technologist is no guarantee you will be a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.
Join in this conversation about the path from the Information Security technical role to an Information Security leadership role. Learn the right knowledge that will be powerful in helping advance your career up the ranks of security leadership!
1:15 pmEthical Hacking and Cyber Ecosystems: Anticipating the PredatorsRegistration Level:Open Sessions
1:15 pm - 2:00 pmIn an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
Presentation Level: TECHNICAL (deeper dive including TTPs)1:15 pm[Panel] Threat Landscape in Flux: Emerging ThreatsRegistration Level:Open Sessions
1:15 pm - 2:00 pmThe attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.
1:15 pm[Panel] No Perimeter: Security in the CloudRegistration Level:Open Sessions
1:15 pm - 2:00 pmWorldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.
1:15 pmExecutive RoundtableRegistration Level:VIP / Exclusive
1:15 pm - 2:00 pmDiscussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.
2:00 pmNetworking BreakRegistration Level:Open Sessions
2:00 pm - 2:15 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
2:15 pmClosing KeynoteRegistration Level:Open Sessions
2:15 pm - 3:00 pm
- DHGBooth:
Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.
Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.
- ImpervaBooth:
Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.
- NetskopeBooth:
Netskope offers the industry’s only all-mode architecture that supports any use case. This starts with the option of being deployed 100 percent in the cloud, as an on-premises appliance, or via a hybrid configuration that includes both. When it comes to traffic steering, Netskope supports every possible out-of-band and inline mode, including forward and reverse proxy, secure TAP, API, and log-based discovery. These modes are often used in parallel to cover customers’ multiple use cases.
- OktaBooth:
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
- Recorded FutureBooth:
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- Panel Discussion
- Panel Discussion
- Panel Discussion
- Panel Discussion

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Join your InfoSec peers for high-quality training and collaboration. Sign up today!
