Conference Agenda
  • Wednesday, September 20, 2017
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 100

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 120

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 121

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:30 am
    Are You Spending Your InfoSec Dollars in the Right Place?
    CISO, Veterans United Home Loans
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 104

    Are you allocating your InfoSec budget properly? This presentation will discuss how to evaluate whether you are increasing your security posture with your spending.

    8:30 am
    Anatomy of a Cyber-Heist: Examples of Advanced Cyber Risks
    Principal and Virtual CIO, UHY LLP
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 102

    One click is all it takes. Bring your A-game! This presentation will take you through how cyber crooks are getting away with some big paydays. We will explore techniques in use that demonstrate an increasingly high level of sophistication, patience, and planning, so you can better plan your defenses.

    8:30 am
    Don't Let Your Server Be a POW: Security Monitoring for Cloud-Based Servers
    Manager, IBM Cloud - Penetration Testing, IBM
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: 101

    This discussion will take server security monitoring in the enterprise cloud to the next level. We will look at how and what to monitor as well as how to respond to new and existing threats in the cloud.

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Artificial Intelligence, Real Intelligence, and the Need for a Coherent National Cyber Policy
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    A call to action to policy makers, corporate leaders and front-line cyber warriors to develop a coherent and workable national and international cyber policy. Every day brings us new headlines from the cyber front. It’s pretty clear that we are woefully unprepared for the cyber battles of the unfolding Global Cyber War. This talk will lay the groundwork for efforts to fix this critical shortfall that will impact every aspect of our lives in the Cyber Age.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH RoundTable: (VIP / Invite Only)
    Topic: Prioritization of Top 20 Critical Security Controls
    STAR Program Director, Cloud Security Alliance
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 100

    This session is for our Advisory Council members only.

    11:15 am
    Wombat: 70 Million Responses Can’t Be Wrong
    Sr. Security Awareness Training Strategist, Proofpoint
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 105

    This session will share the results of our 2017 Beyond the Phish Report, which analyses the aggregate data of 70 million responses to security questions and training challenges across several different topics. You’ll learn in which topics end users are the strongest and the weakest so that you can determine how to plan or improve your security awareness and training program. Understand knowledge in various industries and how they differ so that you can have a benchmark against which to compare your end users’ knowledge.

    11:15 am
    Check Point Software: Welcome to the Future of Cybersecurity
    Enterprise Accounts, Security Engineer, Check Point Software
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 104

    We will discuss how a unified platform providing security controls and visibility across physical devices, virtual devices, mobile devices and hand-held devices can provide greater security efficacy in your environment.

    11:15 am
    Access Management: How to Control Access in Today’s Technology Environment
    Director of Technology Risk Advisory Services, Mueller Prost
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 102

    User IDs, long, complicated passwords, data breaches, internal audits, external audits, compliance assessments, hackers, and the list goes on and on. These are just a few things that access management professionals worry about. How do you set up your access management controls to limit the organization’s exposure and decrease the odds something bad will happen? Come learn proven techniques to control the access management environment.

    11:15 am
    (ISC)2 Chapter Meeting
    Open to All Attendees
    Director of Sales, Bugcrowd
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 101

    Join (ISC)2 for a meet and greet. This session is intended for members and non-members.

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 100
    12:15 pm
    LUNCH KEYNOTE: Panel - Using Public Data to Alert Organizations of Vulnerabilities
    Lead Technical Project Manager, US eDirect
    Security Analyst, Office of Administration, IT Services Division, State of Missouri
    Security Infrastructure Manager, Office of Cyber Security, State of Missouri
    Registration Level:
    • Conference Pass
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Did you know your organization’s internet vulnerability information is available online? Learn about the tools and techniques that Missouri’s Office of Cyber Security uses to identify vulnerable systems, and how you can use these techniques to protect your organization.

    1:15 pm
    Tokenization: X9.119-2 American National Standard
    VP Security Architect, Wells Fargo
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm
    Location / Room: 102

    Tokenization is the latest data protection method, but what is it? How does it work? When do I use it? Why do I use it? Where can I use it? This session looks at tokenization pros and cons.

    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones? So many questions, let’s see what our experts say on this panel.

    PANELISTS:
    Kristi Thiele, IXIA
    Bryan Lares, Sparkcognition
    TJ Adamowicz, Mimecast
    Brian Gorenc, Trend Micro
    Mike Kiser, SailPoint
    Moderator: Jon Stitzel, Lead Analyst, Ameren

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    All Risks Are Business Risks
    Cybersecurity Risk Management Lead, Ameren
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 104

    Defining accurate cybersecurity measurements has always been difficult. We need to alter the perception of cybersecurity from a primarily IT concern to an everyday function of the business. This presentation will provide some ammunition to allow us to make that argument and move us beyond our current limitations.

    3:00 pm
    GDPR: Weaving a Data Protection Culture Into the Fabric of Your Business
    Overview, impact, and best practice approaches to preparing and meeting the GDPR requirements
    STAR Program Director, Cloud Security Alliance
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 102

    This session discusses the nature and scope of the planned privacy reforms, the considerable cross-business challenges they represent, and best practices to address them. It is of relevance both to security and compliance professionals, and to functional managers in Sales, Marketing, and HR.

    3:00 pm
    Overview of Cyber Education: Missouri’s Only NSA CAE in Cyber Defense Education
    Director, Center for Cyber Security and Forensics Education and Assistant Professor, Illinois Institute of Technology
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 105

    America is struggling to fill critical positions in cybersecurity as cyber attacks continue to rise in the public and private sectors. Even the federal government has provided funding to promote a network of cybersecurity education, training, and development of a workforce. To address this need, the University of Missouri – Saint Louis (UMSL) has developed an innovative program at the undergraduate and graduate levels.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 120

    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 121


    3:45 pm
    Casino Happy Hour
    Join us For the Casino After-Party: Networking, Games, Prizes, Drinks and Snacks
    Registration Level:
    • Open Sessions
    3:45 pm - 5:30 pm
    Location / Room: SecureWorld Exhibitor Floor

    Join your peers at 3:45 p.m. in the Exhibit Hall for beverages and snacks compliments of Express Scripts. Test your luck at Blackjack, Roulette and Craps. Hand the voucher you receive at registration to one of the participating exhibitors to get started with $1,000 and win big for your chance at some cool prizes!
    Casino tables sponsored by: Bitdefender, Check Point Security, AOS, Cisco, Event Tracker, Mimecast

  • Thursday, September 21, 2017
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 120

    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 121


    8:00 am
    InfraGard Chapter Meeting and Guest Presentation - Open to all Attendees
    Topic: Cybersecurity Careers
    Computer Scientist, U.S. Department of Justice
    Registration Level:
    • Open Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
    Presentation:
    Everyone has an opinion on what certification is best and what degree is or is not essential in cybersecurity. Alan will provide insight on cybersecurity roles, the security certifications that matter for many of these roles, what type of training is truly valued by hiring managers and what key skills matter.

    8:30 am
    Security Crisis & Breach Readiness for the Enterprise
    VP Segment & Technology Product Security, Humana
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 101

    What is the difference between a security crisis and a breach? How will your organization as a whole respond if crippled by ransomware or a breach of all PHI or confidential PII? During this discussion we will speak about some of the must-have items in order to have a brilliant response to a cyber security incident that impacts the entire organization.

    8:30 am
    From IT Introvert to Organizational Leader
    Associate CISO, Washington University in St. Louis
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 102

    Building and utilizing leadership skills to effect change within your organization and increase your personal value.

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Framing an Innovation Strategy to Drastically Improve Our Cyber Defense (& Offense)
    Asst. Professor of Systems Engineering, U.S. Military Academy, Research Scientist, Army Cyber Institute
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This session introduces a framework that distinguishes between 4 types of innovation: sustaining and incremental innovations are reactive, while breakthrough and revolutionary innovations proactively reshape the future. To better defend our information systems, we must first analyze the innovations attackers use and develop a balanced approach to cyber innovation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: (VIP / INVITE ONLY)
    Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)
    CISO, Edward Jones
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 100
    11:15 am
    GDPR: Impact on Multinationals and Cross-Border Information Sharing
    Partner, Armstrong Teasdale
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 104

    Scott will discuss the EU General Data Protection Regulation (GDPR), which takes effect May 2018. The GDPR will overhaul the longstanding European data protection regime, which presents particular challenges in how the EU and U.S. will reconcile their vastly different policies in the cross-border exchange of data.

    11:15 am
    Know Your Adversary: A Live Hack Simulation Using NSA’s Stolen Digital Weapons
    Security Researcher and Pentester, Author "Hunting Cyber Criminals"
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 101

    Live hack simulation from start to finish using modern hacking techniques and some stolen NSA toys.

    11:15 am
    End-Point Protection – Artificial Intelligence Solutions Is The Future
    Global Director, Networking and Communications, VSecure360
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 102

    Signature and behavioral-based end-point security protection no longer suffices in today’s modern era of hacking. Corporations must prevent an attack, not just stop one. Come and learn why AI solutions have the upper hand, and learn facts from live comparisons of AI solutions vs. traditional AV market leaders.

    11:15 am
    EventTracker: Hunting Modern Malware – The Latest Techniques
    CEO, EventTracker
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 105

    The threatscape is evolving rapidly, but many IT security heads and admins are so busy managing operations and ensuring the company’s ongoing security efforts that they miss key indicators that their network has been compromised. As malware and ransomware attacks continue to advance and increase, it has become crucial for enterprises to be able to assess and detect digital threat incidents quickly and easily for the security of their infrastructures.

    This session will cover:

    • How modern malware and ransomware, such as WannaCry and Petya, enter and spread through your network
    • Best methods of detecting malware and finding hidden copies (polymorphic, mutating or dormant malware hunting)
    • What to do after you’ve detected a potential attack
    • Tools to consider to improve threat detection

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Zero Trust, What’s the Big Deal?
    Senior Bank Technical Analyst, State Farm Bank
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 100
    12:15 pm
    LUNCH KEYNOTE: Minding The Gap
    Collaboration and Evaluation are Necessary Steps Towards Cyber Readiness
    CEO, ISACA
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Enterprises globally are working seemingly around the clock to protect their critical information and technology assets from cybersecurity threats and attacks. Boards of Directors and senior executives are asking questions such as “are we safe” and seeking proof that their organizations have the capabilities in place to meet today’s challenges. Companies are also finding that a technically advanced workforce is hard to find due to the lack of qualified candidates, making each hire a critical step in ensuring business stability and digital transformation, and in soothing nervous corporate boards, unsettled investors and alarmed customers, all of whom worry about cyber hacking.

    In this talk, ISACA’s CEO, Matt Loeb will shed light on the importance of hiring exceptional talent and how constant collaboration and evaluation are necessary steps towards cyber readiness.

    1:15 pm
    Panel: Phishing and Social Engineering Scams 2.0
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possibly pose as business leads or clients to gain our trust. What salesperson doesn’t want email from a potential client who wants a new solution? Or they may just lie in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work? Our experts will discuss the current state of affairs and brainstorm possible new scenarios.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Cybersecurity Metrics for Senior Leadership
    Manager, CyberSecurity and Privacy, PwC
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 102

    Presenting Cybersecurity Metrics to influence senior leadership.

    3:00 pm
    Where Does it Hurt? Diagnosing Delivery Issue
    Local Information Security Officer, Ascension Health
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 101

    Finding ways to improve chronic organizational issues such as communications or other services can be a challenge. This high-level framework was developed to diagnose and improve organizational communication issues, and is useful for finding the right questions to ask in any service delivery dynamic.

    3:00 pm
    Exploring Emerging Cyber Attest Requirements
    Manager, RubinBrown LLP
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 104

    The session will provide insights on the latest cybersecurity and attestation changes.
    Recent standards changes, which can change how you interact with and/or serve third parties, will be covered:
    1. New Cybersecurity Attestation
    2. New Trust Services Criteria
    3. New SOC1 Guide
    4. Pending new SOC2 Guide
    5. SSAE18 implications

Exhibitors
  • AOS
    Booth: 410

    AOS specializes in architecting, implementing and supporting an expansive portfolio of solutions. These offerings range from Enterprise Network, Unified Communications, Storage and Virtualization to Physical and Information Security, Managed Services, GIS, SharePoint and more.

  • Bitdefender
    Booth: 200

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Carbon Black
    Booth: 120

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud. Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

  • Check Point Software Technologies
    Booth: 530

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cisco
    Booth: 410

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cylance
    Booth: 730

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth: TBD

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • EventTracker
    Booth: 550

    EventTracker’s advanced security solutions protect enterprises and small businesses from data breaches and insider fraud, and streamline regulatory compliance. The company’s EventTracker platform comprises SIEM, vulnerability scanning, intrusion detection, behavior analytics, a honeynet deception network and other defense in-depth capabilities within a single management platform. The company complements its state-of-the-art technology with 24×7 managed services from its global security operations center (SOC) to ensure its customers achieve desired outcomes—safer networks, better endpoint security, earlier detection of intrusion, and relevant and specific threat intelligence.

  • Express Scripts
    Booth: 180

    Headquartered in St. Louis, Express Scripts is a healthcare technology company providing integrated pharmacy benefit management services. We put medicine within reach of eighty-three million people by aligning with plan sponsors, taking bold action and delivering patient-centered care to make better health more affordable and accessible. It’s more than what you think. As an organization that deals with highly sensitive patient information, we are committed to protecting the clients, patients, and companies we serve from security breaches and cyber-attacks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while leveraging internal and external threat intelligence to continuously improve our security posture.

  • ExtraHop
    Booth: TBD

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • FireEye
    Booth: 100

    FireEye (https://www.fireeye.com/) is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,100 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.

  • Fortinet
    Booth: 430

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Gigamon
    Booth: 510

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • GuidePoint Security LLC
    Booth: 730

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HOPZERO
    Booth: 170

    Firewalls control access, HOPZERO controls distance. Learn how newly patented technology automates setting of “packet toll value” controlling distance data may travel across networks. We keep sensitive database information inside the data center so hackers can’t get a login prompt – even when firewalls fail.

  • Imperva
    Booth: 510

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • InfraGard St. Louis
    Booth: 440

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • ISACA St. Louis
    Booth: 160

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.

    Meetings are generally held the 3rd Wednesday of the month between September and May.

  • ISC2 St. Louis Chapter
    Booth: 720

    As a regional chapter of ISC2, located in St. Louis and serving the St. Louis Metro area, the mission of the St. Louis Region/Scott AFB ISC2 Chapter is to provide members and other security professionals with the opportunity to share knowledge, grow professionally, raise security awareness and advance information security in local communities around the world.

  • Ixia, a Keysight Business
    Booth: 400

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • LogRhythm
    Booth: 150

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • CyberUp
    Booth: 725

    Our mission is to close the cybersecurity skills gap by training the workforce of today and inspiring the workforce of tomorrow.

  • Mimecast
    Booth: 540

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Novacoast
    Booth: 150

    A uniquely positioned IT services and solutions company, Novacoast is less defined by our broad range of expertise and services than by a perspective rooted in our cooperative environment of adaptable problem solving.

    Beyond security specialists, software developers or network engineers, we are guides, allies, and problem solvers.

    From implementation services, license fulfillment and technical training to software development, staffing services and custom or emerging solutions, Novacoast is an experienced and comprehensive IT business resource empowered on every level by our flexible and fearless perspective.

  • Professional Education Technology & Leadership Center
    Booth: 130
  • Reblaze
    Booth: 170

    A comprehensive, cloud-based protective shield for web platforms. Reblaze offers an all-in-one virtual private cloud solution (VPC) that includes DDoS protection, WAF, IPS, bot detection and anti-scraping solutions, and more. Using a unique approach, Reblaze protects its customers’ sites, web apps, and services by monitoring and cleansing incoming traffic before it reaches the protected data centers. Bandwidth and other resources auto-scale as needed. The platform is fully managed, always up-to-date, and provided via a SaaS monthly subscription. Reblaze is available on a try-before-you-buy basis, and can easily work with existing security solutions.

  • Recorded Future
    Booth: 730

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • SailPoint
    Booth: 450

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Splunk
    Booth: 730

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Saint Louis University Workforce Center
    Booth: 170

    The Workforce Center was established in 2013 to address the skill needs of our modern and fast-paced workplaces. Powered by top-ranked Saint Louis University, the Workforce Center provides premier training solutions to corporations and individuals nationwide. With a mission to fulfill the needs of modern organizations, the Center offers a range of training topics including Cyber Security, Project Management, Agile, Analytics, Software Engineering and more.

  • Synopsys
    Booth: 710

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Unisys
    Booth: 150

    Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in diverse markets. Unisys combines experienced security consulting, Stealth micro-segmentation security solutions and efficient managed security services to deliver dramatic improvement in security posture and operational efficiencies.
    Visit http://unisys.com/security for more information.

  • Varonis Systems, Inc.
    Booth: 730

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Wombat Security Technologies
    Booth: 750

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.

  • Zscaler
    Booth: 740

    Zscaler’s Cloud-delivered security solution provides policy-based secure internet access for any employee, on any device, anywhere. Our proxy and scanning scalability ensures ultra-low latency in a 100% SaaS security solution requiring no hardware, software or desktop all while providing complete control over security, policy and DLP.

Keynote Speakers
Speakers
  • Col. Cedric Leighton
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC

    Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Randy Raw
    CISO, Veterans United Home Loans

    Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.

  • David Hartley
    Principal and Virtual CIO, UHY LLP

    Dave Hartley serves as a ‘Virtual CIO’ and ‘Virtual CISO’ helping clients with technology strategy and projects including strategic roadmap development, third party risk management including SOC reports, cyber risk assessments and cybersecurity programs, and digital transformation including cloud, mobile, etc. Dave joined UHY in 2015 following six years serving as the VP/Chief Information Officer for Arch Coal, the 2nd largest publicly traded coal company in the US, and 20 years of Big 4 consulting and auditing experience. Dave’s experience as a public-company CIO combined with a background as a CPA, CISA and auditor enables him to bring unique insights into today’s technology, cybersecurity and business challenges. He is a frequent speaker at technology and cybersecurity conferences and seminars.

  • Justin Bauman
    Manager, IBM Cloud - Penetration Testing, IBM

    Justin is currently a leader in Information Security for IBM Cloud and Watson Platform. With a background in red teaming and blue teaming over the past ten years, multiple degrees in his field, and SIEM and hacking certifications, he has effected positive change in securing some of the largest environments and cloud deployments in the world today.

  • John DiMaria
    STAR Program Director, Cloud Security Alliance

    John DiMaria has 30 years of successful experience in Standards and Management System Development, including Information Systems, Business Continuity, and Quality. John was one of the innovators and co-founders of the CSA STAR program for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook, and a working group member and key contributor to the NIST Cybersecurity Framework. He currently manages all facets of the CSA STAR Program which includes security, privacy, continuous monitoring, and development of new solutions.

  • Gretel Egan
    Sr. Security Awareness Training Strategist, Proofpoint

    Gretel Egan is a senior security awareness training strategist for Proofpoint, a leading provider of cybersecurity services and solutions. She is a Certified Security Awareness Practitioner (CSAP) and has been working in technical, business, and consumer communications for more than 20 years. Gretel has extensive experience in researching and developing cybersecurity education content for Fortune 1000 companies and was named one of the "10 Security Bloggers to Follow" by IDG Enterprise.

  • Jeffrey Pricher
    Enterprise Accounts, Security Engineer, Check Point Software

    Jeffrey Pricher has over 17 years of cybersecurity experience working in many different industries, and currently works for Check Point Software. He holds a master’s degree in Network Security, and serves part-time as a lead threat hunter for the Missouri Guard’s Computer Network Defense team, focused on providing security for the state’s critical infrastructure.

  • Timothy Grace
    Director of Technology Risk Advisory Services, Mueller Prost

    Timothy M. Grace, CIA, CISA, CISM, CRISC, Director of Technology Risk Advisory Services. As the Technology Risk Advisory Services leader for Mueller Prost, Tim brings more than 30 years of business experience delivering solutions that drive business innovation, optimization, and change within world class organizations. He is a leader in the fields of cybersecurity, information technology, internal audit, privacy, compliance, and risk management. Tim has brought best practices to global organizations and helped drive solutions that strengthen and enhance current technology practices. Through innovation and process improvement, Tim has been able to drive change to ensure organizations remain focused on key business issues. His deep information technology background and deep understanding of business processes allowed him to bring technology and business processes together.

  • Sean Henry
    Director of Sales, Bugcrowd

    Sean Henry has been in the cybersecurity industry since 2007, when he started his career in recruiting. Sean's career path includes being a key member of building out the east coast sales team at Rapid7. He was a Partner and helped launch CyberSN's go-to-market strategy around the Boston market. Sean has also had key stops at GuidePoint Security and Invincea, and is currently the Director of Sales at Bugcrowd. Sean's background and experience are geared toward helping startups within the cybersecurity industry get off the ground faster. Sean has previously presented at various ISSA, ISC2 and ISACA groups on various topics up and down the East Coast.

  • speaker photo
    Michael Roling
    Lead Technical Project Manager, US eDirect

    Michael Roling was the Chief Information Security Officer for the Office of Administration, Information Technology Services Division, for the State of Missouri since 2009. He led the Office of Cyber Security and was responsible for overseeing the information security posture for the State of Missouri.

  • speaker photo
    Theresa Frommel
    Security Analyst, Office of Administration, IT Services Division, State of Missouri

    Theresa Frommel is a network security analyst for the Office of Administration, Information Technology Services Division for the State of Missouri. She is responsible for incident response and coordinating end user awareness for the SOC within the Office of Cyber Security. She has a background in access controls, policy development and end user education. Her prior experience includes working as a security analyst with the Missouri Research and Education Network and information security officer with Missouri’s Office of State Courts Administrator. Theresa has been in the information security field since 2002.

  • speaker photo
    Aaron Schubert
    Security Infrastructure Manager, Office of Cyber Security, State of Missouri

    Aaron Schubert joined the State of Missouri in 2003 after graduating college in 2001 with a degree in Networking Systems Technology. His roles as both a network and Unix/Linux administrator reinforced an interest in the Office of Cyber Security, which he joined in 2009. Aaron is now responsible for the deployment, integration and administration of the various technologies utilized in the Office of Cyber Security's daily operations.

  • speaker photo
    Jeff Stapleton
    VP Security Architect, Wells Fargo

    Jeff Stapleton is a security professional with 30 years’ experience in the financial services industry, focusing on cryptography and key management. He has been an ASC X9 standards participant during his career, developing dozens of informational security standards. Jeff has published a three-book series called Security Without Obscurity, written dozens of articles, and spoken at numerous conferences. He has worked with most of the payment brands and several financial institutions. Jeff is currently a security architect and the cryptography domain lead at Wells Fargo.

  • speaker photo
    Jon Stitzel
    Cybersecurity Risk Management Lead, Ameren

    Jon Stitzel is the Lead Analyst for Cybersecurity Risk Management at Ameren. He is responsible for driving cybersecurity and risk management strategy for business and industrial control system environments, in addition to leading IT and Cybersecurity controls compliance. Jon has over 30 years of experience in the IT industry, including more than 20 years in cybersecurity. He has served as a system administrator, manager, analyst, and consultant in many diverse industries during his cybersecurity career, including energy, manufacturing, financial services, telecommunications, and DOD.

  • speaker photo
    John DiMaria
    STAR Program Director, Cloud Security Alliance

    John DiMaria has 30 years of successful experience in Standards and Management System Development, including Information Systems, Business Continuity, and Quality. John was one of the innovators and co-founders of the CSA STAR program for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook, and a working group member and key contributor to the NIST Cybersecurity Framework. He currently manages all facets of the CSA STAR Program which includes security, privacy, continuous monitoring, and development of new solutions.

  • speaker photo
    Dr. Maurice Dawson Jr.
    Director, Center for Cyber Security and Forensics Education and Assistant Professor, Illinois Institute of Technology

    Maurice Dawson is a faculty member in the School of Applied Technology and serves as Director of Illinois Institute of Technology's Center for Cyber Security and Forensics Education, which is accredited by the National Security Agency. Maurice earned a Doctor of Computer Science from Colorado Technical University in 2009 and a Ph.D. in Cybersecurity from London Metropolitan University in 2017. Prior to joining Illinois Tech, Maurice served as an Assistant Professor at the University of Missouri - St. Louis. Dawson has received multiple Fulbright Scholar Specialist Grants to Russia and Saudi Arabia for cybersecurity and data analytics. He is recognized by the DoDD 8140 as an IA System Architect and Engineer, Manager, and Cybersecurity Service Provider.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • speaker photo
    Gary Hopewell
    Computer Scientist, U.S. Department of Justice
  • speaker photo
    James Norberg, Moderator
    VP Segment & Technology Product Security, Humana

    James Norberg was formerly the Information Risk Management Director at Express Scripts and has been in the Technology field since 2002. His areas of responsibility include the Security Operations Center, Incident Response, eDiscovery, and Cyber Threat Intel & Hunting. He earned his undergrad from Drury University and MBA from Texas A&M. Currently James and his family reside in the St. Louis area.

  • speaker photo
    Kevin Hardcastle
    Associate CISO, Washington University in St. Louis

    Kevin Hardcastle, Chief Information Security Officer (CISO) for Washington University in St. Louis, is a member of the CIO Leadership team and serves a key role in University leadership, working closely with senior administration, academic leaders and the campus community. The CISO is responsible for the development and delivery of a holistic information security strategy to optimize the security posture through collaboration with campus-wide resources, facilitate information security governance, advise senior leadership on security direction and direct program functions of risk and incident management, compliance, information security operations, and information security policy development and education.

  • speaker photo
    Lieutenant Colonel Ernest Wong
    Asst. Professor of Systems Engineering, U.S. Military Academy, Research Scientist, Army Cyber Institute

    Ernest Wong is a Research Scientist at the Army Cyber Institute and a United States Military Academy Assistant Professor of Systems Engineering.

  • speaker photo
    Mike Gibbons
    CISO, Edward Jones
  • speaker photo
    Scott Galt
    Partner, Armstrong Teasdale

    As a member of the firm’s International practice group and a Certified Information Privacy Professional/Europe (CIPP/E), Scott helps clients navigate overseas data protection waters in the wake of the Schrems decision, the advent of the EU General Data Protection Regulation (GDPR), and the ongoing Privacy Shield negotiations. Scott assists clients in developing, implementing, assessing and auditing trade, data privacy, and FCPA compliance programs.

  • speaker photo
    Vinny Troia
    Security Researcher and Pentester, Author "Hunting Cyber Criminals"

    Founder and Principal Security Consultant of Night Lion Security, Vinny Troia brings 20+ years of IT security and development experience. He is also a featured speaker on ABC, CNBC, and Fox News.

    "One afternoon, I drafted an email to the CEO and CISO of a major airline company. The title read – URGENT – Data breach in your network. During our phone conversation later that evening, I proceeded to tell the security admin that I received word from a dark web contact that sensitive data from their network was about to go on sale later that week. Working in tandem with my dark web contacts and the company’s security team, we were able to identify the hacker’s position within their network, turned off their access, and closed the vulnerabilities that allowed them to gain access. This is the kind of thing I do day in and day out, and I love my job." - Vinny Troia

  • speaker photo
    Mike Ehlers
    Global Director, Networking and Communications, VSecure360

    Mike Ehlers is the Director of Network Security & Communications at a global Fortune 500 company. He has been in the IT industry for over 25 years, and provides consulting for enterprise corporations on cybersecurity strategies. Mike holds a BS/BA in Management Information Systems, with a Master's Certificate in IT Management.

  • speaker photo
    A. N. Ananth
    CEO, EventTracker

    As the co-founder and CEO of EventTracker, Ananth was one of the architects of the EventTracker SIEM solution. With an extensive background in product development and operations for telecom network management, he has consulted for many companies on their compliance strategy, audit policy and automated reporting processes.

  • speaker photo
    Chris Fawcett
    Senior Bank Technical Analyst, State Farm Bank
  • speaker photo
    Matt Loeb
    CEO, ISACA

    Matt Loeb, CGEIT, FASAE, CAE, is chief executive officer of ISACA. Prior to joining ISACA, he completed a 20-year career as staff executive for the Institute of Electrical and Electronics Engineers (IEEE) and as the executive director of the IEEE Foundation. His experience includes enterprise strategy, corporate development, global business operations, governance, publishing, sales, marketing, product development and acquisitions functions in a variety of for-profit and nonprofit organizations. He is a member of CESSE and NACD, and a senior member of IEEE. Additionally, he is an ASAE Fellow and serves on ASAE’s board of directors.

  • speaker photo
    William Sawyer
    Manager, CyberSecurity and Privacy, PwC

    Bill Sawyer is a Manager in PwC's Advisory Services. As a member of PwC’s Security Architecture Center of Excellence, he is responsible for developing and delivering PwC’s Security Architecture security offerings. Across his 17-year career, Bill’s experience in both consulting and industry includes application security, security architecture and assessments, identity and access management, IT operations, platform and network engineering and architecture, mergers and acquisitions, email and directory services consolidations, and data center consolidations. Prior to joining PwC, Bill led the Identity and Access Management service line for a Microsoft-centric consulting firm.

  • speaker photo
    Austin Winkleman
    Local Information Security Officer, Ascension Health

    Austin is currently the Information Security Manager for Ascension Health’s system office and five other service locations. He has worked over 30 years in IT, with over 20 years in non-profit educational and healthcare organizations.

  • speaker photo
    Christine Figge
    Manager, RubinBrown LLP

    Christine has over 10 years of public accounting and consulting experience analyzing financial information and internal controls for companies. She manages SOC engagements for companies across a variety of industries. Her knowledge spans industries and includes working with companies directly as well as with third party service providers.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes