Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, September 18, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Topic: How Mature is your Cybersecurity Incident Response Plan?
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    8:00 am
    SecureWorld PLUS Part 1 - Cyber Defense Ineffectiveness and What We Can Do About It
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CEO, Alpine Security
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPE’s.

    “Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa

    Throughout this training session, Christian Espinosa will candidly discuss the following key elements:

    • Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
    • Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
    • Motivations, breaches, and primary tactics used by attackers.
    • Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.

    During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.

    Meet the Trainer:
    Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    Cybersecurity and Industrial Control Systems
    • session level icon
    speaker photo
    Cybersecurity Compliance Manager / NERC Sr. Consultant, Electric Power Systems
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    This session will cover the special challenges of cybersecurity in Industrial Control Systems (ICS), the lack of available training, and how to find people to fill the void.

    8:30 am
    Engaging the Board on Cybersecurity
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Boards of directors are increasingly interested more than ever in the organization’s cybersecurity posture and strategy. It’s important to engage them early and often with the right level of detail to maintain their confidence. This session will provide practical guidance on approaches that could be used to be successful when communicating with the Board.

    8:30 am
    Data Privacy for Information Security Professionals
    • session level icon
    Changing Our Old Compliance Methods
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    Just as we are getting IoT, cloud computing, SOX/HIPAA/FISMA etc. under our belts, Europe changed the rules. The General Data Protection Regulation (GDPR) may just change the way we look at “compliance” once and for all. This isn’t just another regulation. We’re going to need to make a fundamental change in the way we think about data to get past this newest challenge.

    8:30 am
    Third-Party Risk: Creating and Managing a Program that Works!
    • session level icon
    speaker photo
    Managing Director, UHY Advisors
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

     

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    • session level icon
    speaker photo
    Cyber-Enabled Financial Fraud Investigator, U.S. Secret Service / Firebird AST
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH RoundTable: (VIP / Invite Only)
    • session level icon
    Topic: Prioritization of Top 20 Critical Security Controls
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 1:00 pm

    This session is for our Advisory Council members only.

    11:15 am
    (ISC)2 Chapter Meeting and Guest Presentation - Open to All Attendees
    • session level icon
    Topic: AI and Machine Learning for Information Security
    speaker photo
    Board Member , FBI St. Louis Citizens Academy Alumni Association (FBISTLCAAA)
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Interested in your local associations? Join (ISC)2 for their chapter meeting and guest presentation. This opportunity is open to all attendees.
    Presentation:
    Self-learning Artificial Intelligence, also known as Machine Learning (ML), is changing the world.  From skillfully optimizing store shelves to deftly influencing us to click on ads, ML is here to help.  35% of Amazon’s revenue is generated by its ML insightfully recommending products to you and me.  Come learn how intelligent machines make decisions, just like you or I do, but only faster and more accurately because it’s really good at math (!).

     

     

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Security Evangelist, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    • session level icon
    speaker photo
    Founder & Managing Director, Whiteboard Venture Partners
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decisionmakers think about the risks involved in working with them? A panel of CISOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    12:15 pm
    [LUNCH KEYNOTE] 7 Ways To Boost InfoSec’s Influence (and Yours) by Communicating Differently
    • session level icon
    speaker photo
    Emmy-Winning Journalist, SecureWorld
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Lead by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: You Got Burned, Now What? (Incident Response)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Legal Issues in AI, IoT and the Cloud of the Future
    • session level icon
    speaker photo
    Professor, Researcher, Lawyer, Education
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    AI, IoT and the Cloud are no doubt changing the way we live in the future. This presentation discusses current and predicted legal issues in AI, IoT and the Cloud into the future. Legal areas cover privacy and security law, marketing law, and tech law more generally. Trends in how AI, IoT and the Cloud will be used in the future will be married with the potential legal issues that may present themselves in that context. This will permit insight into how the law may evolve in these areas and how we can be ready for our cyber future from this perspective.
    3:00 pm
    Ready Is the New Black: Data Theft, Breach Response, and Liability Updates
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    When it comes to data security, knowing a little goes a long way. Jeff Schultz, Armstrong Teasdale partner and co-chair of the firm’s Data Security and Privacy practice, will cover common and even some unexpected threats, how to prepare for and how to respond following a breach, and potential liability.

    3:00 pm
    Opening the Door to InfoSec
    • session level icon
    speaker photo
    Intelligence Analyst, Express Scripts
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    This presentation is about personal experiences over my year as an intern to an associate cybersecurity intelligence analyst. Going from a dev team, to a red team, and eventually blue team. Highlighting industry struggles as a female (first and only female of each of these teams) trying to get an entry level position and trying to close my own skill gap. Also highlighting personal struggles as well as technical struggles.

    3:00 pm
    Top 10 Activities to Avoid Identity Theft / Financial Fraud
    • session level icon
    speaker photo
    SVP, Information Security, CitiMortgage
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    In the increasingly online world we live in, many people are concerned about having their identity stolen. A few simple precautions can go a long way to avoiding the hassle of identity theft. Join us as we explore ten action steps that we as consumers can take to lower the likelihood and impact of identity theft.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    3:00 pm
    SecureWorld PLUS Part 2 - Cyber Defense Ineffectiveness and What We Can Do About It
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CEO, Alpine Security
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPE’s.

    “Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa

    Throughout this training session, Christian Espinosa will candidly discuss the following key elements:

    • Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
    • Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
    • Motivations, breaches, and primary tactics used by attackers.
    • Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.

    During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.

    Meet the Trainer:
    Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
  • Thursday, September 19, 2018
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Cyber Defense Ineffectiveness and What We Can Do About It
    • session level icon
    speaker photo
    CEO, Alpine Security
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPE’s.

    “Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa

    Throughout this training session, Christian Espinosa will candidly discuss the following key elements:

    • Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
    • Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
    • Motivations, breaches, and primary tactics used by attackers.
    • Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.

    During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.

    Meet the Trainer:
    Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    InfraGard Chapter Meeting and Guest Presentation - Open to all Attendees
    • session level icon
    Topic: Cybersecurity Careers
    speaker photo
    Vice President, Cybersecurity, Centene Corporation
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
    Presentation:
    Everyone has an opinion on what certification is best and what degree is or is not essential in cybersecurity.  Alan will provide insight on cybersecurity roles, the security certifications that matter for many of these roles, what type of training is truly valued by hiring managers and what key skills matter.

     

    8:30 am
    Behavioral Defense Using the MITRE ATT&CK Framework
    • session level icon
    speaker photo
    Sr. Security Incident Response Consultant, Aflac
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Indicators of Compromise (IOC) have been a mainstay of security defense, but companies still get hacked. One of the problems with IOCs is that they are only good for a short space of time. A miscreant can create a new domain, use it for 12 hours and then never use it again. Defenders need to stop thinking of bad domains or bad IP addresses and start focusing on the behavior of the miscreants. Using the MITRE ATT&CK Framework, we will discuss current attack techniques and how defenders can identify gaps in security coverage.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

     

    8:30 am
    The Dark Web, Cyber Crimes, and Cyber Intelligence
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    In this presentation we will learn about trends in cyber fraud tactics and attacks, how dark web markets and forums fuel cyber crime, and how they can be investigated for threat intelligence. In addition, we will learn how cyber criminals utilize digital currencies, and how these transactions can intersect with the formal financial sector. In addition we will discuss cyber awareness and cyber literacy as well as an introduction to Cyber Intelligence.

    8:30 am
    How to Up-Level Your Skills to Enhance Your Career
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Up-Level Your Hard and Soft Skills to Turbo-Charge Your Career

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Catching Cyber Criminals
    • session level icon
    Investigative Techniques to Identify Modern Threat Actors and the Clues They Leave Behind During Data Breaches
    speaker photo
    Founder / Security Strategy and Research, Night Lion Security
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This keynote will provide insight into modern threat groups like The Dark Overlord, MABNA, and Gnostic Players. The discussion will detail the formation of the groups, information on their structure, their core members, the tactics behind their attacks, and why their attacks are so successful.

    As a precursor to my upcoming book, “Hunting Cyber Criminals,” I will convey confidential information I have gathered in my personal dealings with these criminals, and provide an inside look at several of the companies they have breached and the many clues they unknowingly leave behind.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: (VIP / INVITE ONLY)
    • session level icon
    Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    11:15 am
    Deconstructing Chaos: A Look at the Threat Beyond the Computer
    • session level icon
    speaker photo
    Cyber Threat Intelligence Engineer, Pathfinder Intel
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Discussions on cyber threats typically don’t go beyond the computer system. Rarely, is the lone hacker or group and their intent come to light. In their attempt to understand cyber threats, security professionals typically grasp the minimalist understanding of “Bad Guys Do Bad Things.” Information Security Professionals sometimes lock themselves into a reactive state, and patching holes in a wall about to break.

    This is discussion will look beyond the computer threat, at the hacker, and what motivates them and try to create professionals who can see beyond the indicators, vulnerabilities and exploits, and find the proactive thinkers, organizations need.

    11:15 am
    An Introduction to IoT Penetration Testing
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The secure engineering and implementation of these devices is critical as more insecure devices come to market. As technology professionals we need to have an idea how these devices effect our organization. In this talk we will explore the basic principles of IoT PenTesting, what is in an effective toolset, reverse engineering, and analyzing popular IoT protocols with software defined radios.

    11:15 am
    Opportunity and Risk: How Open APIs Are Transforming Banking
    • session level icon
    speaker photo
    Sr. National Cybersecurity Specialist, Federal Reserve
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Do you know what an Open API is? The data shows the majority of Americans don’t. Open/ public application programming interfaces (APIs) are the engine that power Open Banking, something that has transformed banking around the world the last couple of years. It is on the radar of banks in the United States and in practice in some. Open APIs enable the exchange of customer data with other parties in a simple and secure way, facilitating rapid innovation in products and services. Countries are creating laws and regulation around this practice. This innovation and opportunity potentially carries security risk.

    11:15 am
    Cloud Security Alliance Chapter Meeting
    • session level icon
    Open to all Attendees
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Interested in local associations? Join Cloud Security Alliance for their chapter meeting, light refreshments and meet & greet.

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    • session level icon
    Topic: Zero Trust, What’s the Big Deal?
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    • session level icon
    speaker photo
    Former CIO, The White House
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:30 pm
    Panel: Shifting Landscape of Attack Vectors
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.

    1:30 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Moving from InfoSec Technician to InfoSec Leadership
    • session level icon
    speaker photo
    VP of Information Security, Veterans United Home Loans
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Are you a technician feeling the call towards leadership? Are you just interested in learning more about leadership? Just being a good tech is no guarantee of being a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.

    Come to this session and join in a conversation about the path from the Information Security Technical role to an Information Security Leadership role. Learn the right Knowledge that will be Powerful in helping you become a great Information Security Leader!

    Presentation Level:
    MANAGERIAL (security and business leaders)

    3:00 pm
    Practical Application of the NIST CSF
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    The NIST Cybersecurity Framework is a valuable tool for mapping security posture and maturity in an organization. This presentation strives to take some of the confusion out of how to approach and apply the framework to an organization in an effective manner, including an expanded CSF worksheet template.

    3:00 pm
    Insider Threat Detection and Response
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    From cybercriminal recruiting for insiders on the Dark Web to nation-state operatives, insider threats are an increasing risk facing many firms today.
    We will discuss the latest technologies and techniques that can be used to detect various types of insiders as well as what to do once you actually find them.

Exhibitors
  • Alert Logic
    Booth: 320

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Apricorn
    Booth: 500

    Founded in 1983, Apricorn designs, manufactures, and supports storage innovations with your data’s security as our top priority. Our unique, patented approach is centered on being 100% hardware-encrypted, software-free, and cross-platform compatible. Trusted by numerous state, national, and international governments, as well as small and large corporations alike, Apricorn delivers advanced data security innovations designed to address today’s threats, as well as tomorrow’s.

  • BlackBerry Cylance
    Booth: 330

    BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.

  • Burwood Group, Inc.
    Booth: 120

    Burwood Group, Inc. is an IT consulting and integration firm. We help forward-thinking leaders design, use, and manage technology to transform their business and improve outcomes. Our services in consulting, technology, and operations are rooted in business alignment and technical expertise in cloud, automation, security, and collaboration.

  • CISO Ventures
    Booth:

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cloud Security Alliance (CSA)
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Comodo Cybersecurity
    Booth: 630

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CyberUp
    Booth:

    Our mission is to close the cybersecurity skills gap by training the workforce of today and inspiring the workforce of tomorrow.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • Express Scrips
    Booth: 160

    Headquartered in St. Louis, Express Scripts is a healthcare technology company providing integrated pharmacy benefit management services. We put medicine within reach of eighty-three million people by aligning with plan sponsors, taking bold action and delivering patient-centered care to make better health more affordable and accessible. It’s more than what you think. As an organization that deals with highly sensitive patient information, we are committed to protecting the clients, patients, and companies we serve from security breaches and cyber-attacks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while leveraging internal and external threat intelligence to continuously improve our security posture.

  • FBI St. Louis Citizens Academy Alumni Association
    Booth:

    Join the FBI St. Louis Citizens Academy Alumni Association (FBISTLCAAA) membership any time after graduating from the FBI Citizens Academy!  FBISTLCAAA membership provides access to education in the areas of Federal Law Enforcement, to network with others, to participate in fun events, and to promote a safe and informed St. Louis community.
    Each member of the FBI St. Louis Citizens Academy Alumni Association is a graduate of an eight-week FBI Citizens Academy course in which the curriculum focuses on federal law enforcement issues and challenges. The FBISTLCAAA was established in 2006 with a local membership of FBI Citizens Academy Graduates.

  • Gemalto
    Booth: 100

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • InfraGard St. Louis
    Booth:

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • ISACA St. Louis
    Booth:

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.

    Meetings are generally held the 3rd Wednesday of the month between September and May.

  • (ISC)2 St. Louis Chapter
    Booth:

    As a regional chapter of (ISC)2, located in St. Louis and serving the St. Louis Metro area, the mission of the St. Louis Region/Scott AFB (ISC)2 Chapter is to provide members and other security professionals with the opportunity to share knowledge, grow professionally, raise security awareness and advance information security in local communities around the world.

  • Ixia, a Keysight Business
    Booth: 340

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Malwarebytes
    Booth: 200

    Malwarebytes provides anti-malware and anti-exploit software designed to protect users against zero-day threats that consistently escape detection by traditional endpoint security solutions. Malwarebytes Anti-Malware earned an “Outstanding” rating by CNET editors, is a PCMag.com Editor’s Choice, and was the only security software to earn a perfect malware remediation score from AV-TEST.org. That’s why large Enterprise businesses worldwide, including Disney, Dole, and Samsung, trust Malwarebytes to protect their mission-critical data. For more information visit www.malwarebytes.com/business

  • Midwest Cybersecurity Alliance
    Booth:

    Let MCSA help you prepare for the inevitable. Join our community to get access to insider best practices and new cutting edge approaches to developing cyber security programs and combating cyber attackers. To learn more about MCSA membership, contact us at info@MidwestCyber.org.

  • Mimecast
    Booth: 440

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • One Identity
    Booth: 130

    Turn security from the practice of denial and restriction to the utopia of enablement and transformation with the One Identity family of IAM solutions for access management, identity governance, and privileged account management on prem and in the cloud.

  • ProcessUnity
    Booth: 600

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Professional Education Technology & Leadership Center
    Booth:
  • Radware
    Booth: 310

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • SailPoint
    Booth: 610

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SecureAuth
    Booth: 420

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee,
    customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • St. Louis University (SLU)
    Booth: 660
  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Christian Espinosa
    CEO, Alpine Security

    Christian Espinosa is Alpine Security's CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Craig Reeds
    Cybersecurity Compliance Manager / NERC Sr. Consultant, Electric Power Systems

    Craig Reeds has been involved with Cybersecurity since before there was a name for it. During his time in the IT field, he has been responsible for Cyber Security, Cyber Vulnerability Assessments, Penetration Testing, Risk Identification and Management, Business Continuity/Disaster Recovery and Change Management. In his role as a NERC Compliance Senior Consultant he helps to protect the North American Power Grid. Craig hold both a CISSP and the CRISC certifications as well as degrees a BS in Information Systems from Maryville and an MBA from Webster University.

  • speaker photo
    David Barton
    Managing Director, UHY Advisors

    David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and attestation services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls. David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution. David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance.

  • speaker photo
    Stephen Dougherty
    Cyber-Enabled Financial Fraud Investigator, U.S. Secret Service / Firebird AST

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • speaker photo
    Gary Chan
    Board Member , FBI St. Louis Citizens Academy Alumni Association (FBISTLCAAA)

    Gary S. Chan is an accomplished security and artificial intelligence expert. He architected anti-fraud systems for state agencies, led the information security teams for a $10B+ company, works as an independent consultant, and is an evaluator and mentor for cybersecurity start-ups. He has multiple security certifications, including a CISSP (information security), ISSMP (information security management), and CFE (fraud examiner), and holds a degree in Electrical Engineering & Computer Science from MIT. He is currently building a self-learning artificial intelligence to address information security challenges.

  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • speaker photo
    Bruce Sussman
    Emmy-Winning Journalist, SecureWorld

    Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

  • speaker photo
    Dr. Raj Sachdev
    Professor, Researcher, Lawyer, Education

    Dr. Raj Sachdev is a professor, researcher, and‎ internationally qualified lawyer (USA and England/Wales). He holds‎ several degrees in business and law and has guest spoken at such institutions as Oxford, Cambridge, Stanford and major industry‎ conferences including having given a Tedx talk. Over the last 15‎ years, he has taught 50‎+ different courses at other institutions including some as a part-time‎ instructor at Stanford. He was formerly a visiting researcher at UC Berkeley.

  • speaker photo
    Alexis Womble
    Intelligence Analyst, Express Scripts

    Alexis Womble is a Cybersecurity Intelligence Analyst at Express Scripts, where she interned for a year in an EOCC automation development role, Attack Simulation role, and an Intelligence role. She is also a recent grad from Missouri Baptist University, where she can still be found backstage assisting in stage management even as an alumnus. Outside of this, she likes to break things, be up to date on all the infosec news and secrets, as well as practice social engineering with anyone who has fun with it.

  • speaker photo
    John Newcomer
    SVP, Information Security, CitiMortgage

    John Newcomer is currently Senior Vice President of Information Security at CitiMortgage, a top-10 national mortgage lender. He has eight years of experience in the information security field, with 17 years prior in IT.

  • speaker photo
    Christian Espinosa
    CEO, Alpine Security

    Christian Espinosa is Alpine Security's CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Christian Espinosa
    CEO, Alpine Security

    Christian Espinosa is Alpine Security's CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Alan Berry
    Vice President, Cybersecurity, Centene Corporation

    Alan Berry is the Vice President for Cybersecurity at Centene Corporation. He leads the Cyber Incident Response, Security Strategy, and Threat and Vulnerability Management teams, as well as the Business Resilience and Crisis Management teams. Alan brings 30 years of experience in cyber operations, communications, and command and control. Prior to joining Centene in November of 2017, Alan led the Disaster Recovery team at CVS Health, where he proactively restructured the teams and technologies involved with disaster response for the Fortune 7 company. Alan is also an Air Force veteran, serving just shy of 26 years in various positions in cyber and communications. This included the Director of Communications (CIO) for Air Forces Central, Commander of the 624th Operations Center (the AF’s command and control center for their global networks), and the Chief of Staff for Air Forces Cyber at Fort Meade, MD. Additionally, Alan is on the St. Louis InfraGard chapter board and on the Cybersecurity Education Advisory Board at Washington University.

  • speaker photo
    Beth Young
    Sr. Security Incident Response Consultant, Aflac

    Beth Young has 20 years of cyber security experience. She is currently a Senior Security Incident Response Consultant with Aflac. Beth has previously worked for a financial services company and for one of the Information Sharing and Analysis centers. She just completed her Masters in Applied Data Science from Syracuse University. She has previously given talks at Secure World St Louis, EDUCAUSE, BSidesKC and MOREnet security conferences. Beth is the founder of the BSidesSpfd conference.

  • speaker photo
    Vinny Troia
    Founder / Security Strategy and Research, Night Lion Security

    Founder and Principal Security Consultant of Night Lion Security, Vinny Troia brings 20+ years of IT security and development experience. He is also a featured speaker on ABC, CNBC, and Fox News.

  • speaker photo
    Daniel Stiegman
    Cyber Threat Intelligence Engineer, Pathfinder Intel

    Daniel is a 15-year Intelligence Professional, with a career in US Army Intelligence and the National Geospatial Agency. His primary focus has been in Counter-Terrorism, Asymmetrical Warfare, and Intelligence Analysis methodology. Daniel was a national-level instructor in All Source Intelligence Analysis and has written several published white papers on threats and threat methodology. Daniel now works as the Cyber Threat Intelligence Engineer for one of the largest private companies in the U.S. and is the Founder and Intelligence Lead of a non-profit that helps locate missing and exploited children.

  • speaker photo
    Don Peterson
    Sr. National Cybersecurity Specialist, Federal Reserve

    Don Peterson is a Sr. National Cybersecurity Specialist for the Federal Reserve System, based out of the Federal Reserve Bank- St. Louis. He is tasked with overseeing the supervision of the largest and most systemically important financial institutions in the United States with assets of $100B+. His duties also include participating in the development of Federal Reserve and international cybersecurity policy and guidance. He sits on multiple System steering groups involving cybersecurity, technology, and intelligence within the Federal Reserve.

    His past roles in technology and security span several sectors including Technology, Law Enforcement, Medical, and Higher Education. His research has involved Automated Machine Translation (AMT) of Arabic dialects to English and counterintelligence involving extremist groups. He is a member of several industry groups that include InfraGard, ECTF, Cloud Security Alliance, OWASP, and the IEEE. He holds several certifications and a Master’s of Cybersecurity Management (MSCM) from the McKelvey School of Engineering at Washington University in St. Louis.

  • speaker photo
    Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • speaker photo
    Randy Raw
    VP of Information Security, Veterans United Home Loans

    Randy Raw is Director of Information Security, serving as the Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has 25 years of experience in both public entities and private industry, having built three Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community and the Central Missouri InfraGard chapter. He has spoken at SecureWorld on many technical topics and this years turns his focus towards helping others move from the technical trenches to a leadership role.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!