Conference Agenda
  • Tuesday, September 18, 2018
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: Threat and Vulnerability Management in a Real-Time World
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 100
    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Speaker: CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 242

    The University of Massachusetts has developed a 4.5-hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas: Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, and manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Speaker: Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 232

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A, and several successful toolkits are covered.

    8:30 am
    The DNC Hack: A 100% Politics-Free Deep Dive Into What Happened
    Speaker: Founder and Principal Consultant, Portunus Consulting
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 230

    Drawing from up-to-the-minute reports, this presentation will bring together all the publicly available information to paint a complete picture of how threat actors gained access to the email system of the Democratic National Committee, exfiltrated the content, and released it. The presentation will filter out all the political noise and focus solely on the relevance of the attack to the practice of information security.

    8:30 am
    When Forces Collide: The Intersection of Privacy and Cybersecurity in 2018
    Speaker: Principal and Virtual CIO, UHY LLP
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 240

    2018 is shaping up to be a critical year for cybersecurity and privacy in the United States. And cybersecurity professionals need to understand the impact privacy will have on them in 2019 and beyond. In this session we will analyze the forces causing cybersecurity and privacy to collide. Specifically, the European Union’s (EU’s) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are forcing US companies to rapidly adopt privacy leading practices. And Facebook’s Cambridge Analytica scandal is likely accelerating the arrival of privacy regulations from the US government. Don’t miss this thought-provoking session to understand the privacy implications on your cyber future and how to proactively adapt.

    8:30 am
    Foraging for Risk: Corporate Threat Hunting at Scale
    Speaker: Security Director, Express Scripts
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: 241

    What is Threat Hunting and how does it scale in a corporate environment? This presentation will dive into the latest buzz phrase “Threat Hunting” to discuss what it is, core program components, and measuring maturity. We will discuss our Threat Hunting program’s strategic journey and what’s ahead.

    8:30 am
    Hacking Back: What Are the Legalities and Implications?
    Speaker: President, David Strom Inc.
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: 231

    Numerous governments are now considering introducing legislation to make hacking back more legal, to open up a new collection of tools for defenders. The issue is in attributing an attack to the right source, understanding the attacker’s intent, and developing the right red team skills.

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: The Evolving Role of CISOs and Their Importance to the Business
    Speaker: Chairman and Founder, Ponemon Institute
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    What is a CISO and what do they do? As the leader of cyber defense for an organization, the CISO is rapidly becoming indispensable for an organization’s survival. This presentation is based on interviews with senior level IT professionals at 184 companies in seven countries. The goal of the research is to better understand how CISOs work, what their concerns are, and how they are improving their effectiveness in managing risks to the enterprise.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: (VIP / Invite Only)
    Topic: Security Policy Creation and Implementation
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 100
    11:15 am
    Are You Spending Your InfoSec Dollars in the Right Place?
    Speaker: VP of Information Security, Veterans United Home Loans
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 241

    Are you allocating your Infosec budget properly? This presentation will discuss how to evaluate whether you are increasing your security posture with your spending.

    11:15 am
    Radware: Cybersecurity Pushed to the Limit
    Speaker: Systems Engineer, Radware
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 231

    Throughout 2017, mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase, so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    (ISC)2 Chapter Meeting and Guest Presentation (Open to all Attendees)
    Topic: Separating the Truth from the Myths in Cybersecurity
    Speaker: Chairman and Founder, Ponemon Institute
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 230

    Ponemon Institute conducted the study on Separating the Truths from the Myths in Cybersecurity to better understand the security myths that can be barriers to a more effective IT security function and to determine the truths that should be considered important for the overall security posture. In the context of this survey, cybersecurity truths are based on the actual experience of participants in this research. In contrast, cybersecurity myths are based on their perceptions, beliefs and gut feel.

    11:15 am
    Comodo — Re-Think Cyber: AI and the Human Touch Safeguarding Against Known and Unknown Threats
    Speaker: Global Channel Field Engineer, Comodo Cybersecurity
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 240

    Today’s cybersecurity threat level remains at its highest in history: malware runs rampant, and organizations large and small are besieged by phishing, breaches, take-downs, and DDoS attacks. In this environment, cybersecurity presents the greatest challenges to IT organizations.

    Join Comodo Cybersecurity experts and see how their patented auto-containment technology works defending against known and unknown malware signatures. In conjunction, they will talk to and demonstrate the visibility they have throughout their global customer footprint of nearly 89 million endpoint users. To conclude, Comodo will give a brief overview of its budding partner program and how they’re growing the Comodo Cybersecurity ecosystem.

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Security Awareness Training - Change Behavior, Reduce Risk
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 100
    12:15 pm
    LUNCH KEYNOTE: Trend Micro - From Bounties to Bureaucracy: The Hidden Market Factors of Exploit Economics
    Speaker: Director, Vulnerability Research, Trend Micro
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Even if you don’t participate in a bug bounty program, they impact you and the systems you defend. Bounty programs impact the exploit marketplace while disrupting exploit efforts of advanced threats. These programs have tracked the rise and fall of bug classes over the years, and they’ve tracked the rise and impact of government regulations in different regions of the globe. Join Zero Day Initiative Director Brian Gorenc as he covers the vulnerability economy and the role bug bounties play in shaping the exploit marketplace. Finally, he’ll show how effectively run programs have disrupted exploit usage in the wild.
    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones? So many questions, let’s see what our experts say on this panel.

    PANELISTS:
    Kristi Thiele, IXIA
    Bryan Lares, Sparkcognition
    TJ Adamowicz, Mimecast
    Brian Gorenc, Trend Micro
    Mike Kiser, SailPoint
    Moderator: Jon Stitzel, Lead Analyst, Ameren

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Evolution of Privacy Requirements: A Global Update
    Speaker: Global Product Champion, ISMS, BCM, British Standards Institution
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 240

    Whether you noticed or not, Privacy is very much back on the agenda globally. From the European General Data Protection Regulation (GDPR), to Qatar’s new personal data privacy law, and everything in between, when doing business globally, privacy and a holistic approach to data governance is an increasingly important consideration as there is no privacy without security. During this session, we will take you through the evolution of privacy, the major changes around the world, and delve into GDPR and how it may impact you, and provide some predictions of upcoming trends. Closer to home, we will discuss the current privacy landscape and why Privacy Shield “adequacy” remains the overwhelmingly relevant question, and the impact of what looks like a retraction of agreement by the UK.

    3:00 pm
    Teaching the Human: Security Awareness Program Design and Discussion
    Speaker: National Practice Lead Consultant for Security Awareness and Training, Ernst & Young LLP
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 231

    At any given moment in their work day, a person will make a security decision that will impact your organization. Have you enabled your workforce with the knowledge to make the right one? Generational and cultural differences, as well as learning styles, will all impact the design of a security awareness program. Learn about these factors and how social engineering is the greatest threat your workforce faces in this session.

    3:00 pm
    Simplicity > Complexity
    Speaker: Asst. Director, Cybersecurity & Technology / CISO, Missouri State Highway Patrol
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 230

    This presentation will present the argument that we can’t continue to fight complex problems with complex solutions. Countless case studies prove that we cannot engineer or purchase our way to effective security. Instead, the organizations and countries that adopt a back-to-basics approach to today’s most complex problems will be those most effective in our cyber future.

    3:00 pm
    Re-thinking Our Talent Shortage: Planning for the Future Began Yesterday
    Speaker: Partner, Jobplex
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 241
    All too often, breaches or attacks on organizations are the result of an otherwise trustworthy employee’s negligence. Whether it’s using a company device on a public Wi-Fi or ignoring password updates to confidential data, it’s human nature to err. So…how do we mitigate that? Can we pre-screen for that? This expert presentation will discuss little-known tactics deployed to avoid potential hiring risks, while also integrating non-security professionals into a highly secure environment.
    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Speaker: CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 242

    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS registrants ONLY
    Speaker: Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 232

    3:45 pm
    Happy Hour Reception
    Join us for happy hour and trivia, compliments of Mimecast
    Registration Level: Open Sessions
    3:45 pm - 5:00 pm
    Location / Room: Keynote Theater

    Join your peers for complimentary hors d’oeuvres, beverages, trivia, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day. Generous sponsor: Mimecast

  • Wednesday, September 19, 2018
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Speaker: CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 242

    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Speaker: Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 232

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:30 am
    Complying With the Federal Government’s Control of Unclassified Information (CUI) Requirement
    Director, Midwest Market Leader, MorganFranklin Consulting, LLC
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 240

    This session will focus on how organizations that do business with the Federal Government comply with the National Institute of Standards and Technology (NIST) 800-171 guidance, ‘Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations’. What does the organization’s CISO need to know, and how can the organization implement and comply with the NIST 800-171 guidance? This session will also focus on downstream organizations that may be supplying goods or services to organizations that do business with the Federal Government.

    8:30 am
    How to Succeed with DLP
    CSO & Founder, CSO4Less (a cfw1 company)
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 231
    This session will examine the key points when evaluating DLP products: what a DLP program is, the prerequisites to a successful DLP program, myths associated with DLP, and the ever-expanding DLP footprint and heuristics (aka Text Clustering, LDI, LDA, Oh My!).
    8:30 am
    Cybersecurity Threat Intelligence and the Dark Web
    Director of Cybersecurity, BKD CPAs & Advisors
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 230

    This session will cover current threats and trends in cybersecurity. It will discuss options for cyber threat intelligence by understanding the extent of PII, PHI, credit card information, and intellectual property stolen from organizations that are now available through the dark web.

    8:30 am
    InfraGard Chapter Meeting - Open to all Attendees
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With increasing numbers of high-profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse end-points, along with increased mobility and wireless access, fuel a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to Enterprise resources poses additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the growing volume of unsecured and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of Software-Defined Networking (SDN) technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: (VIP / INVITE ONLY)
    Topic: ROI for Risk Management
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 100
    11:15 am
    How Ready Is Your Cybersecurity Incident Response Team? (Maturity Assessment Techniques)
    Sr Manager, Enterprise Holdings Inc.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 231
    An effective cybersecurity Incident Response Team will be ready when the “Big One” knocks on your SOC’s front door. This presentation will review methods to self-assess your incident response effectiveness, building an attainable maturity plan, the importance of implementing a continuous improvement mindset, and how trending will help focus energy and costs to mature the service where it matters.
    11:15 am
    Penetration Testing: The Good, Bad, and the Ugly of Vendor Management, Reporting, and Risk (or lack thereof)
    Manager, IBM Cloud - Penetration Testing, IBM
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 240
    Penetration testing has become a vast sub-industry of the Information Security industry. This presentation will be an overview of true risk in testing reports, separation of vulnerability management and penetration testing, and a deep dive on vendor management and vendor engagement.
    11:15 am
    Trend Micro: Hybrid Cloud Security in the Age of DevOps
    Technical Engineer, Trend Micro
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 241
    We live in a new world of automation, where monolithic applications have become microservices, and isolated groups have given way to production-aligned, agile, multi-disciplinary teams. Investments span existing data centers, products, processes, and services, as well as technology innovations that directly face business units and scale seamlessly into the cloud. From physical and virtual servers to VDI, cloud instances, containers, and serverless, there has never been a more challenging environment for security professionals. Learn from the industry leader in hybrid data center security how to integrate protection for any vintage of application seamlessly as code into your deployment pipelines.
    11:15 am
    Establishing Academic Programs and Career Pathways for the Cyber Workforce
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 230
    As the former CISO for the University of Massachusetts, I have had many opportunities to interact with IT professionals, IT managers, business leaders and other management / operations personnel who would benefit from baseline knowledge, skills and abilities in the Cybersecurity field. As we continue to move to a more digital / cloud-based world, the need for advanced skills in cybersecurity will only increase. This presentation will focus on developing academic curriculum that meets the changing workforce needs as well as establishing career pathways for individuals who are interested in a career in cybersecurity.
    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Ransomware - Breaking the Criminal Business Model
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 100
    12:15 pm
    LUNCH KEYNOTE — Going Digital: Building Your Strategic Roadmap for the Next Wave of Digital Transformation
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • Open Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater

    The next major wave of digital transformation will integrate the physical parts of your business even more intimately with the digital world, using sensors, analytics, artificial intelligence, robotics, augmented reality, 5G networking, and blockchain technology. In this talk, former Intel futurist Steve Brown presents a fast-paced, fun exploration of what it will mean to “go digital” in the next decade, and reviews the business and security strategies we will need to navigate the road ahead.

    Hear from Steve as he gives a preview of what he will cover in his keynote: https://youtu.be/Er1spVCyzS8

     

    1:30 pm
    Panel: Stopping the Attacks (Incident Response)
    Registration Level:
    • Open Sessions
    1:30 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have artificial intelligence helping threat hunters squash attacks before they can do any significant damage on the network while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information? Join our experts as they discuss challenges modern security teams face and how we can build a better plan for tomorrow.

    PANELISTS:
    Steve Shalita, Pluribus Networks
    John Fahey, Comodo
    John DiMaria, BSI Group
    Vinny Troia, Night Lion Security
    Moderator: Bob Brown, CISO, Busey

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Building a Secure Foundation out of Other People's Logs
    Associate Director, IT Security & Compliance, St. Louis Community College
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 231
    Plan for the future by understanding the present. Your organization’s IT logs are critical at all stages of the cyber security framework. Log data is leveraged both operationally, and to adapt the security program for the future. Getting those logs from your IT peers can be a challenge. Use a combination of strategies to walk a more enlightened path when collecting and storing your organization’s IT logs.
    3:00 pm
    Cybersecurity Collaboration in Critical Infrastructure
    Cybersecurity Risk Management Lead, Ameren
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 230
    Information sharing between US government agencies and private sector companies has been acknowledged as one missing element in US efforts to provide greater cybersecurity resilience. With this in mind, on August 1st the Department of Homeland Security announced the latest attempt to foster peer and cross-sector cybersecurity information sharing and collaboration.

    We’ve all seen this before, and although some progress has been made, the communication gap still seems as large as ever. How can cybersecurity professionals within critical infrastructure sectors progress beyond just talking about better communication? This presentation will provide some ideas and potential steps forward toward a more active partnership between public and private sectors, and among critical infrastructure peers.

    3:00 pm
    Machine Learning-Based Software Defined Networking Security: Current and Future Challenges
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 240
    Machine Learning (ML) is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software-Defined Networking (SDN) emerge. From the application layer, ML-based security models can automatically defend an SDN network with speed and flexibility. However, nothing is perfect. Through the examination of ML/SDN specific vulnerabilities accompanied by a successful sample attack, several recommendations can be made for both solution designers and potential buyers on how to build or choose a future-proof ML-based SDN security solution.
  • Thursday, September 20, 2018
    9:00 am
    SecureWorld PLUS - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
    9 a.m. - 3 p.m. - Earn 6 additional CPEs after the conference!
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: Washington University - Room 510

    In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

    Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs

    AGENDA

    8:00-8:15 a.m. Introductions

    8:15-9:45 a.m. Artificial Intelligence: How AI will reshape every business, including yours (1.5 hours)

    Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

    9:45-10:00 a.m. BREAK

    10:00-11:30 a.m. Blockchain beyond crypto-currencies: Your foundation to create new business value (1.5 hours)

    Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trustless world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy. Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

    11:30-1:00 p.m. LUNCH

    1:00-4:00 p.m. Futurecasting Workshop (3 hours)

    In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it.” So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

    4:00 p.m. CLOSE

Exhibitors
  • CA Technologies
    Booth: 620

    CA Technologies helps customers succeed in a future where every business—from apparel to energy—is being rewritten by software. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live—from the data center to the mobile device.

    Our business management software and solutions help our customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure. Our goal is to help organizations develop applications and experiences that excite and engage and, in turn, open up money-making opportunities for their businesses.

  • Comodo Cybersecurity
    Booth: 450

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • ConvergeOne
    Booth: 410

    ConvergeOne is a leading IT services provider of collaboration and technology solutions for large and medium enterprises. We’ve spent decades building upon our technology offerings, which span the core technology markets: customer experience, cybersecurity, data center, enterprise networking, and unified communications. We deliver these solutions across a number of delivery models including on-premise, and in private, hybrid, and public clouds as well as the proprietary ConvergeOne Cloud, regardless of our customers’ existing infrastructure.

  • CrowdStrike
    Booth: 620

    CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver actionable intelligence and real-time protection from Day One. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • Express Scripts
    Booth: CyberLounge (160)

    Headquartered in St. Louis, Express Scripts is a healthcare technology company providing integrated pharmacy benefit management services. We put medicine within reach of eighty-three million people by aligning with plan sponsors, taking bold action and delivering patient-centered care to make better health more affordable and accessible. It’s more than what you think. As an organization that deals with highly sensitive patient information, we are committed to protecting the clients, patients, and companies we serve from security breaches and cyber-attacks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while leveraging internal and external threat intelligence to continuously improve our security posture.

  • GuidePoint Security LLC
    Booth: 620

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • IBM Resilient
    Booth: 110

    IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 150 global customers, including 50 of the Fortune 500, and hundreds of partners globally. Learn more at www.resilientsystems.com.

  • InfraGard St. Louis
    Booth:

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • ISACA St. Louis
    Booth:

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.

    Meetings are generally held the 3rd Wednesday of the month between September and May.

  • (ISC)2 St. Louis Chapter
    Booth:

    As a regional chapter of (ISC)2, located in St. Louis and serving the St. Louis Metro area, the mission of the St. Louis Region/Scott AFB (ISC)2 Chapter is to provide members and other security professionals with the opportunity to share knowledge, grow professionally, raise security awareness and advance information security in local communities around the world.

  • Ixia, a Keysight Business
    Booth: 150

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Midwest Cyber Center
    Booth:

    The Midwest Cyber Center (MC²) was created in response to a comprehensive needs analysis study. Findings in the report suggested a need to increase the supply of cyber security professionals to meet the current and future demand of employers in the Midwest region. MC² has quickly established itself as a backbone organization grounded in Midwestern values that will lead the region to become a cyber ecosystem other communities will follow.

  • Mimecast
    Booth: 440

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • NETSCOUT Arbor
    Booth: 120

    For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • Pluribus Networks
    Booth: 650

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • Professional Education Technology & Leadership Center
    Booth:
  • Radware
    Booth: 300

    Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • SailPoint
    Booth: 130

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SparkCognition
    Booth: 310

    SparkCognition is a global leader in cognitive computing analytics. A highly awarded company recognized for cutting-edge technology, SparkCognition is successfully deploying a cognitive, data-driven analytics platform for clouds, devices, and the Internet of Things industrial and security markets by applying patented algorithms that deliver out-of-band, symptom-sensitive analytics, insights, and security. For more information on the company, its technology and team, please visit http://www.sparkcognition.com.

  • Splunk
    Booth: 620

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • St. Louis University (SLU)
    Booth: 400
  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 620

    Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, large government agencies and mid-sized organizations across the private and public sectors. Learn more at tenable.com.

  • Trend Micro
    Booth: 430

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we’re recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

Keynote Speakers
Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, and gives government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Kurt Aubuchon
    Founder and Principal Consultant, Portunus Consulting

    Kurt is a computer forensics and incident response consultant and an Assistant Professor of Cybersecurity at Maryville University. He has been in the IT field for nearly 20 years, with the last 11 focused on information security.

  • David Hartley
    Principal and Virtual CIO, UHY LLP

    Dave Hartley serves as a ‘Virtual CIO’ and ‘Virtual CISO’ helping clients with technology strategy and projects including strategic roadmap development, third party risk management including SOC reports, cyber risk assessments and cybersecurity programs, and digital transformation including cloud, mobile, etc. Dave joined UHY in 2015 following six years serving as the VP/Chief Information Officer for Arch Coal, the 2nd largest publicly traded coal company in the US, and 20 years of Big 4 consulting and auditing experience. Dave’s experience as a public-company CIO combined with a background as a CPA, CISA and auditor enables him to bring unique insights into today’s technology, cybersecurity and business challenges. He is a frequent speaker at technology and cybersecurity conferences and seminars.

  • James Norberg
    Security Director, Express Scripts

    James Norberg is an Information Risk Management Director at Express Scripts and has been in the Technology field since 2002. His areas of responsibility include the Security Operations Center, Incident Response, eDiscovery, and Cyber Threat Intel & Hunting. He earned his undergrad from Drury University and MBA from Texas A&M. Currently James and his family reside in the St. Louis area.

  • David Strom
    President, David Strom Inc.

    David Strom is one of the leading experts on network and Internet technologies and has written and spoken extensively on topics such as VOIP, convergence, email, cloud computing, network management, Internet applications, wireless and Web services for more than 30 years. He was the founding editor-in-chief of Network Computing magazine, writes for Network World, SearchSecurity.com and SecurityIntelligence.com, and curates the Inside Security email newsletter.

  • Larry Ponemon
    Chairman and Founder, Ponemon Institute

    Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework.

    Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

    Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security including financial services, health care, pharmaceutical, telecom and Internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws.

    Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelors with Highest Distinction from the University of Arizona, Tucson, Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

  • Randy Raw
    VP of Information Security, Veterans United Home Loans

    Randy Raw is Director of Information Security, serving as the Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has 25 years of experience in both public entities and private industry, having built three Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community and the Central Missouri InfraGard chapter.

  • Joe Olerich
    Systems Engineer, Radware

    Joe Olerich is a Systems Engineer for Radware. He works on the front lines designing cutting-edge security solutions to aid organizations in defending against the growing threat landscape. Over his 15 years of experience, Joe has engaged in a variety of roles, from designing networks and managing infrastructure, to running network and application security for a healthcare SaaS organization. He has a degree in Management Information Systems from Kansas State University, and can be found cheering loudly during any Wildcat sporting event.

  • John Fahey
    Global Channel Field Engineer, Comodo Cybersecurity

    John Fahey is a Channel Field Engineer with Comodo Security Solutions. John has 20 years of various technical consulting roles, with deep and wide expertise across the modern IT infrastructure and security technologies and architectures, primarily serving enterprise clients, while also providing mid-market solutions. John’s previous role was as Sr. Security Architect, enabling customers for Comodo Security software solutions. Today, John still regularly presents, demonstrates, and deploys Comodo software solutions across the enterprise software suite and has turned to focusing on partner enablement for these same security solutions from the endpoint to the LAN, the WAN, and Cloud.

  • Brian Gorenc
    Director, Vulnerability Research, Trend Micro

    Brian Gorenc is the Director of Vulnerability Research with Trend Micro. In this role, Brian leads the Zero Day Initiative (ZDI) program, which represents the world's largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world's most popular software. Brian is also responsible for organizing and adjudicating the ever-popular Pwn2Own hacking competitions.

    Brian has been with ZDI since 2012, continually working on discovering new vulnerabilities, analyzing attack techniques, and identifying vulnerability trends. His work has led to the discovery and remediation of numerous critical vulnerabilities in Microsoft, Adobe, Oracle, open source, SCADA systems, and embedded devices. He has presented at numerous security conferences, such as Black Hat, DEF CON, Breakpoint, Ruxcon, PacSec, REcon, and RSA. More recently, Brian led the team that was awarded the Microsoft Mitigation Bypass Bounty and Blue Hat Bonus for Defense Bounty, which resulted in $125,000 being donated to STEM programs. During his leadership, the Zero Day Initiative program has coordinated the disclosure of over 3,000 Zero Day vulnerabilities.

  • John DiMaria
    Global Product Champion, ISMS, BCM, British Standards Institution

    John DiMaria, CSSBB, HISP, MHISP, AMBCI, CERP, is the Global Product Champion for Information Security and Business Continuity for BSI and a Cloud Security Alliance (CSA) Research Fellow. He has 30 years of successful experience in Standards and Management System Development, including Information Systems, ISMS, Business Continuity and Quality Assurance. John was one of the key innovators of CSA STAR Certification for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook, and a working group member and key contributor to the NIST Cybersecurity Framework. He currently serves as the CSA GDPR and Cloud Trust Protocol working group Co-Chair.

  • Alexandra Panaretos
    National Practice Lead Consultant for Security Awareness and Training, Ernst & Young LLP

    Alex is a senior consultant and the National Cyber Practice Lead for Security Awareness and Training for Ernst & Young LLP. She specializes in cybersecurity awareness and education, as well as personal and physical security training and program development, the psychology of social engineering, behavior analytics, and operations security program development. Alex has over 10 years of experience developing and implementing cybersecurity awareness and education strategies in government, military family services, the Department of Defense, and global health and business industries. She is Operations Security Program Manager certified by the Joint Information Operations Warfare Center and the U.S. Army.

  • Patrick Woods
    Asst. Director, Cybersecurity & Technology / CISO, Missouri State Highway Patrol

    Patrick J. Woods serves as the Chief Information Security Officer for the Missouri State Highway Patrol (MSHP) and the Assistant Director for Cybersecurity & Technology in the Patrol's Criminal Justice Information Services (CJIS) Division. In this capacity, Patrick directs the Patrol's cybersecurity and technology efforts, including network, data center and PC support, as well as the Cybersecurity Operations, Audit and Intelligence units. He currently serves on the FBI's Advisory Policy Board, Security and Access Subcommittee, where he leads a task force aimed at addressing issues with law enforcement's use of the cloud. Patrick holds a Bachelor of Science degree in Criminal Justice and a Master of Science degree in Cybersecurity, and is a Doctoral Candidate awaiting publication of his dissertation on the defense of U.S. State and Local Law Enforcement agencies against the negative impacts of hacktivist attacks.

  • Tighe Burke
    Partner, Jobplex

    Tighe Burke is a Partner and Cybersecurity Practice Lead with Jobplex Inc. in Denver, securing the next-generation of leaders on behalf of technology clients around the globe. Tighe has developed powerful domain expertise executing searches for InfoSec functional roles as well as on behalf of security providers.

    He previously spent 5 years as a search consultant in Silicon Valley, and is regularly sought out by the brightest minds in technology to conduct searches for hard-to-fill positions across the security landscape. Tighe has deep experience working with both early-stage and public companies to identify their current and future security leaders.

  • Timothy Grace
    Director, Midwest Market Leader, MorganFranklin Consulting, LLC

    Tim Grace has more than 30 years of business experience delivering solutions that drive business innovation and change within world class organizations. As a leader in the fields of information technology, security, privacy, governance, compliance, and risk assessment, Tim has brought best practices to global organizations and helped drive solutions that strengthened and enhanced business practices. Tim’s deep information technology background and understanding of business processes allowed him to bring technology and business processes together. As a former Chief Information Security / Technology Officer, Tim has led and implemented solutions to ensure the secure handling and processing of corporate data.

  • Christine Wanta
    CSO & Founder, CSO4Less (a cfw1 company)

    Over 35 years of security, technology, and business leadership experience with expertise in delivering complete, effective, and strategic security solutions across a breadth of industries, including those with regulatory requirements as well as Secret/Top Secret environments. Proven expertise in DLP solutions across industries including global deployments and product integrations (300K+ endpoints in multiple geographic regions/200+ policy across multiple detection scope), developed and transitioned teams with vertical and horizontal strategies, developed DLP as a Service programs, compliance and regulatory requirement assurances and deliverables that align metrics to business goals. Actively developed user groups, hack- and install-fests and other technology-based outreach projects. Indecisive between battle royale and last player standing.

  • Rex Johnson
    Director of Cybersecurity, BKD CPAs & Advisors

    Rex is a strategic and technical leader with more than 25 years of experience in security and privacy, enterprise risk management, security management and operations, IT governance, application development, internal and external audit, regulatory compliance, and controls assurance. He has served as the lead executive with responsibility for planning, budgeting, execution and delivery of cybersecurity assessments, process control assessments, enterprise security roadmaps, incident response, IT governance, IT performance, IT risk assessment, penetration testing and diagnostics. Rex is a retired Army Lieutenant Colonel with the following certifications: CISSP, CISA, CIPT, PCI QSA, and PMP.

  • Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring market and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-day attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • David J Harrier
    Sr Manager, Enterprise Holdings Inc.

    David has been a cyber security leader for 12+ years at various global Fortune 100 companies with responsibilities ranging from strategic and tactical planning, architecture, engineering, operational support, process improvements, automation to consulting. He enjoys decomposing complex problems into implementable and sustainable solutions.

  • Justin Bauman
    Manager, IBM Cloud - Penetration Testing, IBM

    Justin is currently a leader in Information Security for IBM Cloud and Watson Platform. With a background in red teaming and blue teaming over the past ten years, multiple degrees in his field, and SIEM and hacking certifications, he has effected positive change in securing some of the largest environments and cloud deployments in the world today.

  • Nick Ferrell
    Technical Engineer, Trend Micro

    Nick Ferrell has been helping Trend Micro customers across the world solve security challenges since 2011 as a senior engineer and professional services consultant. A primary focus of this work has been helping enterprise organizations achieve a unified, automated, and effective set of security controls across diverse cloud and data center environments that mitigates risk, achieves compliance, and removes manual processes. Each year, Nick speaks to audiences at industry events about the latest in hybrid data center security, best practices, and use cases, bringing Trend Micro's wealth of innovation and experience to bear on real-world security problems.

  • Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • Matthew Gioia
    Associate Director, IT Security & Compliance, St. Louis Community College

    Matthew Gioia is Associate Director for IT Security & Compliance at St. Louis Community College where he works with students, faculty, and staff to secure student and employee data. Matthew believes the community is best served with an education partner focused on helping every student establish and work towards achievable goals, and that developing a culture around protecting data and privacy enables this trusted community leader to realize its vision. Matthew has established the information security program at STLCC. He has held his CISSP certification since 2010 and holds a bachelor’s degree in Computer Science from DePaul University.

  • Jon Stitzel
    Cybersecurity Risk Management Lead, Ameren

    Jon Stitzel is the Lead Analyst for Cybersecurity Risk Management at Ameren. He is responsible for driving cybersecurity and risk management strategy for business and industrial control system environments, in addition to leading IT and Cybersecurity controls compliance. Jon has over 30 years of experience in the IT industry, including more than 20 years in cybersecurity. He has served as a system administrator, manager, analyst, and consultant in many diverse industries during his cybersecurity career, including energy, manufacturing, financial services, telecommunications, and DOD.

  • Tam Nguyen
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland

    Tam Nguyen is an IEEE peer-reviewed cybersecurity researcher whose recent works include a long-term cyber threat evaluation/prediction strategy for the Federal Reserve Bank of Cleveland, and an accepted research paper on Software Defined Network's security to be presented in Paris, France. Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cyber security.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes