Conference Agenda
  • Thursday, October 22, 2020
    8:00 am
    Executive Roundtable [VIP invite only]
    Discussion topic: Remote Workforce—Lessons Learned
    Chief Security Officer, Southern Methodist University
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:45 am

    This session is for Advisory Council members only.

    Companies had no real choice as we all moved to the “new normal” and a fledgling at-home workforce due to the coronavirus outbreak. If you stop and think about it, it was quite the feat—a massive cloud migration the likes of which had never been seen before. Now that things are somewhat settled into a pattern, what are you discovering that should have been done differently? Realizing that a lot of the same things need to be done? How is the network perimeter now? How many devices are suddenly on your networks? IoT devices from the remote workers piggybacking on the home connections? What are the legal challenges now (think reasonable security)? We’ll take a deep dive into lessons learned with a remote workforce.

    8:30 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    8:30 am - 9:00 am
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:00 am
    [Opening Keynote] Panel: Different Perspectives on Cybersecurity in Oil and Gas
    Executive Director, ONG-ISAC
    Sr. Director, IT Security & Compliance at Enterprise Products, Chairman, ONG-ISAC
    Information Security Advisor, Devon Energy Corporation
    Cyber Security Threat Analyst, Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC)
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    9:45 am
    Networking Break
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • Open Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor
    10:00 am
    Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!
    Director, Information Security Education & Consulting, Harvard University
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am
    “Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.

    Join this session to learn how you can:
    •  Embed security into your culture, technologies and processes
    •  Empower innovation and expedite time-to-market through consistent security risk governance
    •  Assess the impacts, goals and methods of likely cyber attacks and incidents
    •  Align IT and security professionals with business objectives and risk tolerance
    •  Prepare now for effective detection and response to reduce business impacts of incidents

    Presentation level: MANAGERIAL (security and business leaders)

    10:00 am
    Taming the Third-Party Risk Beast
    CISO, SecureLink
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    These days, with the number of vendors and other third parties putting their tentacles into your systems and networks, you can feel like you are fighting a multi-headed hydra in trying to limit third-party risk in your IT systems. In this talk, we will discuss the nature of this beast and how to tame it using best practices, technical controls, and good review processes. We will walk through a well-designed vendor management program, including inventorying, risk assessing, on-boarding and off-boarding processes, and audit procedures that will help you tame every hairy, scary vendor on your network so that their weakest links are not yours.

    10:00 am
    A 'ToR' of the Three Ds: Dark Web, Deep Web, Dark Net
    Sr. Manager, Information Security, Krispy Kreme
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    This is a first-hand account into the WILD of the internet. We always hear about the “Dark Web” and how various services advertise the use of such a resource, but what does that mean? Better yet, what does it look like? This presentation will demonstrate where “various” types of activity—i.e., personally identifiable information, transaction information, and other related content—reside.

    10:30 am
    Networking Break
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • Open Sessions
    10:30 am - 10:45 am
    10:45 am
    Inside the Mind of a Threat Actor: Beyond Pentesting
    Lead Curriculum Developer, Point3 Federal
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    Red team is a commonly misunderstood offensive security discipline. Red team has been used as a general term for all areas of offensive security, just as blue team for defensive security. True red teaming goes beyond pentesting and into more adversarial emulation. While there are overlapping skills, there are differences that will be discussed as Phillip shares his experience of going from a pentester to a red teamer. In this talk, you will learn about the different areas that make up red team operations, common tools, and the path to becoming a red teamer.

    Attendees will learn the following:

    • What is offensive security
    • Domains of offensive security from pentesting to red teaming
    • Differences between pentesting and red team
    • How the threat actor mindset is important for exposing possible breaches
    • Learning resources and how to become a red teamer
    10:45 am
    The Hero's Journey: How to Tell the Story of Your Risk-Driven Program
    Business Information Security Manager, Wood.
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    The Hero’s Journey is the familiar story we all love to hear about the unlikely hero who answers the call to adventure, is victorious in pursuit of a goal, and returns transformed.  This session will take you on a thrilling adventure: your very own hero’s journey to championing your risk-driven program with useful metrics. It doesn’t matter if you’re the grand poobah who sets strategy, the herder of cats who defines tactics, or the technical guru actually fulfilling operations, we are all the heroes of our own stories.  Let useful metrics be your narrator.

    10:45 am
    Who Accessed Your Data in the Cloud? Your Bosses and Auditors Want to Know
    Director, Product Management, Imperva
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    Your business is moving data to the cloud without all the security controls mandated for on-prem. After all, the promised economics and business agility are far too attractive for business leaders to ignore. But attackers are after data, auditors demand evidence, and Security is still responsible for protecting data. You need to catch up with that data before attackers and auditors find it, and you need to catch up right now.

    Join Imperva to learn how to reconcile Security’s need for visibility with the business’s need for speed and agility—in minutes.

    This session will include:

    • Learn the fast path to getting control of your data already in the cloud
    • What capabilities you will have to bring to make cloud DBaaS secure and audit-ready
    • How cloud-native data security can be frictionless to the business’s need for speed
    11:15 am
    Networking Break
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • Open Sessions
    11:15 am - 11:30 am
    11:30 am
    The New NIST Phish Scale: Revealing Why End-Users Click
    Computer Scientist, Visualization and Usability Group, National Institute of Standards and Technology (NIST)
    Registration Level:
    • Open Sessions
    11:30 am - 12:15 pm

    Developed based on over four years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty—key to understanding variability in phishing click rates. This talk will cover why end-users click, why it’s important to understand phishing detection difficulty, and how to use the NIST Phish Scale. Understanding what emails your end-users are susceptible to will help you better defend against phishing attacks in the wild.

    11:30 am
    Pivoting Your Information Security Program to the New Normal
    VP of Information Security, Veterans United Home Loans
    Registration Level:
    • Open Sessions
    11:30 am - 12:15 pm

    We are living in different times that demand different ways of thinking. Many existing Information Security tools have lost some visibility and viability. How has your thinking changed about your Information Security program? Maybe more importantly, what are you thinking the future will look like and how are you posturing your next purchase, hire, or action to be prepared for the next pivot? We will talk about some questions you should be asking yourself, your team, your peers, and your executives.

    11:30 am
    The DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?
    Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body
    Registration Level:
    • Open Sessions
    11:30 am - 12:15 pm

    Supply chain risks are at the top of everyone’s mind today, and the US Department of Defense (DoD) is no different. That is why the DoD created its Cybersecurity Maturity Model Certification (CMMC). CMMC is a five-level, third-party validated maturity certification. CMMC includes both technical and process/procedural requirements. Organizations in the Defense Supply Chain will be required to obtain CMMC certification before contract award. Requests for Proposals (RFPs) containing CMMC requirements are expected in October 2020. This session provides an overview of CMMC and the corresponding industry-led ecosystem that is being created, spearheaded by the CMMC Accreditation Body (CMMC-AB).
    Presentation Level: MANAGERIAL (security and business leaders)

    12:15 pm
    Networking Break
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • Open Sessions
    12:15 pm - 12:30 pm
    12:30 pm
    Approaches to Justifying Cybersecurity Projects and Spend
    Chief Information Security & Privacy Officer, WorkForce Software
    Registration Level:
    • Open Sessions
    12:30 pm - 1:00 pm

    Feel like you’re not getting enough funding for your security projects or program? Learn to stack the deck in your favor by following four basic rules. Lots of examples will be presented!

    12:30 pm
    Blue-Teaming and Incident Response for the "Win"
    Information Security Leader, Healthcare Industry
    Registration Level:
    • Open Sessions
    12:30 pm - 1:00 pm

    Does your company use Windows or is most of the environment Windows? Come to this session to specifically learn the ins and outs of the most critical things needed to establish a respectable blue team program at your organization. Do you know what Windows security event log 4688 means? What about others? What are the event logs that you should know by heart or have a cheat sheet for? What are some tools that you should be using, and how can you automate them to help detect lateral movement? Also, we will be leveraging open-source tools. No, additional $ is not required. Trying harder, building your technical skills, and doing proactive threat hunting will help you and your team. “Don’t worry, all of this information will be useful for all no matter what level.” Time permitting, we might also quickly talk about incident response as well, initially. Also, bring your technical questions for our Q&A session.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    12:30 pm
    [Panel] Threat Landscape in Flux: Emerging Threats
    Chief Security Officer, IntSights
    CISO, SecureLink
    Director of Technology - Office of the CTO, Imperva
    Registration Level:
    • Open Sessions
    12:30 pm - 1:00 pm

    The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

    1:00 pm
    Networking Break
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    1:00 pm - 1:15 pm
    1:15 pm
    The Changing Legal Enforcement in Cyber and Privacy
    Managing Partner, XPAN Law Group, LLC
    Privacy Litigation Practice Group, Beckage Law
    Registration Level:
    • Open Sessions
    1:15 pm - 1:45 pm

    With the changing legislation, here in the U.S. and globally, there is an increasing emphasis on enforcement of data privacy and cybersecurity, both by regulators and individuals. The ability to bring a private right of action by individuals is a sword that data subjects are using to enforce their rights, both in the U.S. and Europe. This session will provide a detailed update on key enforcement actions, with the courts and by agencies, to ensure that companies understand the challenges and their potential liabilities.

    1:15 pm
    [Panel] Remote Workforce: Lessons Learned
    Director of Information Security and Research, Automox
    Sr. Manager, IT Advisory, DHG
    Deputy CISO, Fortinet
    Channel Chief Advisor, NinjaRMM
    Registration Level:
    • Open Sessions
    1:15 pm - 1:45 pm

    Companies had no real choice as we all moved to the “new normal” and a fledgling at-home workforce due to the coronavirus outbreak. If you stop and think about it, it was quite the feat—a massive cloud migration the likes of which had never been seen before. Now that things are somewhat settled into a pattern, what are you discovering that should have been done differently? Realizing that a lot of the same things need to be done? How is the network perimeter now? How many devices are suddenly on your networks? IoT devices from the remote workers piggybacking on the home connections? What are the legal challenges now (think reasonable security)? Join us for a panel discussion of security experts.

    1:45 pm
    Networking Break
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • Open Sessions
    1:45 pm - 2:00 pm
    Location / Room: Exhibitor Floor
    2:00 pm
    [Closing Keynote] Turning the Tables: Putting Threat Intel to Work Against Attackers
    Chief Security Officer, IntSights
    Registration Level:
    • Open Sessions
    2:00 pm - 2:45 pm

    We read about hacks and breaches on a daily basis, but what do we actually know about these cybercrime groups and how they conduct these attacks?

    In this session, we will dive into a few hacking techniques, demonstrate what types of tools hackers are using today, examine the scope of these attacks, and discuss best practices to protect ourselves and our businesses. During the session, we will review security issues with people, process, and technology, see how OSINT (Open Source Intelligence) is leveraged for social engineering attacks, and review some of the latest attacks seen in the wild. We will close by examining how to operationalize threat intelligence using security frameworks such as MITRE ATT&CK framework in conjunction with cyber threat intelligence best practices.

Exhibitors
  • ACFE Houston

    We are the world’s largest anti-fraud organization and premier provider of anti-fraud training and education. The mission of the ACFE Foundation is to increase the body of anti-fraud knowledge by supporting future anti-fraud professionals worldwide through the funding of the Ritchie-Jennings Memorial Scholarship Program. The scholarship program provides an opportunity for men and women of all ages, races, religions and income levels to advance their education. Many of these outstanding and deserving students go on to become Certified Fraud Examiners.

  • ACP

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for its members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Automox

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • Checkmarx

    Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive software security platform that unifies with DevOps and provides static and interactive application security testing, SCA and developer AppSec training to reduce and remediate risk from software vulnerabilities. www.checkmarx.com

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt.io

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.

  • Corelight

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • DHG

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • EC-Council

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Fortinet

    Fortinet secures the largest enterprise, service provider, and government organizations around the world. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 300,000 customers trust Fortinet to protect their businesses.

  • IntSights

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • Gigamon

    Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.

  • Global Cyber Alliance

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • Imperva

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • InfraGard Houston

    The Houston Chapter of InfraGard provides members of the Critical Infrastructure community a means to share information to prevent, protect, and defend against hostile acts against Critical Infrastructure and Key Resources (CIKR). InfraGard is designed to address the need for private and public-sector information-sharing mechanisms at both the national and local levels. It is our goal to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures.

  • InfraGard North Texas

    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • ISACA Houston

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area. We conduct chapter meetings the third Thursday of the month that typically include a morning or afternoon training along with a luncheon meeting/training. We also sponsor SIG group meetings on the same day. Local seminars are held in the spring and fall that include topics of high relevance to our membership community. Certification training is scheduled before each ISACA exam date based on interest level.

  • (ISC)2 Dallas-Fort Worth

    The Dallas-Fort Worth Chapter of (ISC)2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from (ISC)2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • ISSA Fort Worth

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Learn more at the ISSA, International website. The Fort Worth Chapter of ISSA brings all of the benefits of International membership, along with opportunities for experiencing great speakers, local networking, earning CPEs, job prospecting and more.

  • ISSA: North Texas

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • ISSA South Texas

    The South Texas Chapter of the Information Systems Security Association (ISSA) is a non-profit organization of information security professionals and practitioners. South Texas ISSA provides education forums, publications and peer interaction opportunities which enhance the knowledge, skill and professional growth of its members. This Chapter is affiliated with the international ISSA organization, conforms to its professional and organizational guidelines, and supports the ISSA Code of Ethics. We encourage our members to pursue and maintain formal security certifications in their chosen fields and offer training opportunities to help members meet requirements for continuing education.

  • NinjaRMM

    NinjaRMM is an all-in-one endpoint management platform that helps IT leaders more efficiently manage a geographically diffuse IT infrastructure by enabling their teams to remotely monitor and manage workstations, laptops, servers, and networks. NinjaRMM increases business efficiency by combining monitoring, alerting, patching, antivirus, backup, and IT automation all within a single pane of glass. NinjaRMM has been named a Leader by G2Crowd and rated the #1 RMM across 8 categories, including ease of use, product direction, quality of support and overall satisfaction.

  • RIMS

    The Dallas Fort Worth RIMS Chapter is among the largest, most active chapters in the world, making a global and local difference regarding the importance of Risk Management.

  • SecureLink

    SecureLink is a leader in managing secure third-party access and remote support for both enterprise companies and technology providers. SecureLink serves over 400 customers and 30,000 organizations worldwide. World-class companies across multiple industries including healthcare, financial services, legal, gaming and retail rely on SecureLink’s secure, purpose-built platform.

  • SIM Houston

    Recognizing the unique needs of the industry, SIM collects the intellectual capital of IT leaders nationwide and offers the resources you need to do business better. Membership in the SIM Houston Chapter continues to grow, as does the number of activities in educational, community, and social programs.

  • Spirion

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Women in CyberSecurity (WiCyS)

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Speakers
  • George Finney
    Chief Security Officer, Southern Methodist University

    George Finney is the Chief Security Officer for Southern Methodist University and the author of “No More Magic Wands: Transformative Cybersecurity Change for Everyone.” He previously worked with several startups and global telecommunications firms designing networks, writing policy, hardening servers, and educating users. George is a member of the Texas CISO Council, an Advisory Council member for SecureWorld, and a board member of the Palo Alto Networks FUEL User Group.

  • Angela Haun
    Executive Director, ONG-ISAC

    Angela Haun became the Executive Director of the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) in September 2018. Ms. Haun joined the ISAC after a 20-year career as a Special Agent with the FBI. She brought extensive experience in cybersecurity and protecting critical assets from her work at the FBI, along with her leadership skills from the Houston InfraGard Chapter, which became the largest in the country while she was the FBI coordinator. Ms. Haun received the award for “InfraGard Coordinator of the Year” from the InfraGard National Members Alliance (INMA) in 2013 and 2016. In September 2018, she received the prestigious “Linda Franklin Award” from the INMA for dedicated service at the local, regional and national level for the FBI’s InfraGard program.

    Since joining the ONG-ISAC, Ms. Haun has launched a successful incentive challenge to increase, reward and recognize member companies’ contributions to the ISAC’s mission. Ms. Haun expanded the ONG-ISAC’s membership with a Strategic Partnership Pilot Program, bringing new organizations, expertise, resources and funding to support the ISAC’s efforts. She has been a subject matter expert speaker, organizer and participant in numerous energy-related conferences, briefings, exercises, meetings, webinars and other events. Ms. Haun is actively pursuing upgraded technologies and additional benefits for ONG-ISAC member analysts and executives.

  • Stuart Wagner
    Sr. Director, IT Security & Compliance at Enterprise Products, Chairman, ONG-ISAC

    Stuart served as a Board Member of ONG-ISAC for over five years and became Chairman in June 2018. He has attended the FBI CISO Academy, has served as President of the award-winning South Texas Chapter of the Information Systems Security Association (ISSA), and is a member of ISACA and InfraGard. Stuart has developed and led information security programs for multi-billion dollar companies for the past twelve years and is currently the Sr. Director, IT Security and Compliance for one of the largest publicly-traded energy partnerships. His experience includes information security policy development, creating security awareness campaigns, security operations, leading incident response teams, and setting information security strategy.

  • Travis Herrmann
    Information Security Advisor, Devon Energy Corporation

    Travis has been with Devon Energy for 20 years, being a pioneering member of the Information Security team. Currently, Travis supports the Incident Response, Hunt, and Intelligence functions at Devon, serves on the ONG-ISAC Information Sharing committee, and holds multiple industry security certifications.

  • Katrina Watts
    Cyber Security Threat Analyst, Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC)

    Katrina Watts works as a Threat Analyst with the ONG-ISAC and focuses on curating and sharing qualitative intelligence related to cyber threats to the oil and natural gas supply chain. Prior to joining the ONG-ISAC, Katrina worked as an Incident Response Analyst for a mid-size corporation and separately as a contractor. Additionally, Katrina has prior experience working in the Legal sector as a Litigation and E-Discovery analyst performing sound data collection, culling and big data analytics. Katrina received her BA from Old Dominion University and currently holds the CISSP designation.

  • Sandy Silk
    Director, Information Security Education & Consulting, Harvard University

    Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Sandy is also involved in several WIT organizations and programs. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.

  • Tony Howlett
    CISO, SecureLink

    Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP and GNSA certifications, and a B.B.A. in Management Information Systems. Tony is currently the CISO at SecureLink.

  • Mike Muscatell
    Sr. Manager, Information Security, Krispy Kreme

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a Certified Ethical Hacker (CEH) and was honored as one of the top 100 professionals in the Information Security field by Strathmore's for 2014. He is a member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.

  • Phillip Wylie
    Lead Curriculum Developer, Point3 Federal

    Phillip Wylie is the Lead Curriculum Developer for Point3 Federal, Adjunct Instructor at Dallas College, and The Pwn School Project founder. With over 22 years of experience, he has spent the last eight plus years as a pentester. His passion for mentoring and education inspired him to start teaching and to found The Pwn School Project, a bi-monthly cybersecurity educational meetup. Phillip teaches Pentesting and Web App Pentesting at Dallas College. He is a co-host of “The Uncommon Journey” podcast and co-author of “The Pentest Blueprint: Starting a Career as an Ethical Hacker” published by Wiley Publishing.

  • Karen Lancon
    Business Information Security Manager, Wood.
  • Ran Rosin
    Director, Product Management, Imperva

    Ran Rosin joined Imperva two years ago and is currently leading the Cloud Data Security solution. Prior to joining Imperva, Ran founded and led two start-ups in the area of mobile applications and IoT.

  • Dr. Shaneé Dawkins
    Computer Scientist, Visualization and Usability Group, National Institute of Standards and Technology (NIST)

    Dr. Shaneé Dawkins is a Computer Scientist in the Visualization and Usability Group at the National Institute of Standards and Technology (NIST). She performs research focusing on human centered design and leads the NIST Phish Scale research effort. Shaneé received her M.S. and Ph.D. in Computer Science at Auburn University, and B.S. in Computer Engineering at North Carolina A&T State University.

  • Randy Raw
    VP of Information Security, Veterans United Home Loans

    Randy Raw is VP of Information Security, serving as the Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.

  • James Goepel
    Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body

    James Goepel is Treasurer and Member, Board of Directors for the CMMC-AB. He is also an adjunct professor of Cybersecurity at Drexel University and CEO of Fathom Cyber, a trusted agent for senior management and developer of defensible cybersecurity strategies. Jim earned his BSECE from Drexel and his JD and LLM degrees from George Mason University. He worked in the IT and security industries for nearly two decades, including as a Network Administrator for the US House of Representatives and as a lawyer and technologist for a wide range of cybersecurity companies, including system developers, research institutions, and software vendors.

  • Michael Muha, PhD, CISSP, CISM, CIPM, Certified GDPR Practitioner
    Chief Information Security & Privacy Officer, WorkForce Software

    Mike drove the global expansion of WorkForce Software’s cloud-based workforce management products from one data center to eight across the US, Europe, Canada, and Australia, and directed all compliance efforts (starting with SAS 70 and moving onto SOC 1, ISAE 3402, SOC 2, ISO 27001 certification, and EU-US Privacy Shield certification). Having led the company’s GDPR journey, he’s currently implementing a “Personal Information Management System” and additional global security controls to protect company and customer data.

  • Roy Wattanasin
    Information Security Leader, Healthcare Industry

    Roy Wattanasin is currently a healthcare information security professional. Additionally, Roy is an avid speaker who has spoken at many conferences and webinars. Roy also enjoys data forensics and incident response, and building security in. He is heavily involved with many computer security groups, including OWASP Boston, ISSA, and the local communities. Roy is also a member of multiple advisory groups. He was an adjunct instructor at Brandeis University as part of the Health and Medical Informatics program and is also the co-founder of that program. He is credited with bringing back the Security BSides Boston conference (setting the standards) and enjoys seeing it grow each year and succeed with its new team members.

  • Etay Maor
    Chief Security Officer, IntSights

    Etay Maor is Chief Security Officer at IntSights. As CSO, Etay leads the security advisory practice at IntSights, where he works with CISOs and other senior cybersecurity executives to develop risk management-based cybersecurity programs. Etay has extensive experience in cybersecurity, having worked at IBM, Trusteer, and RSA. Etay holds a BA in Computer Science and an MA in Counter Terrorism and Cyber Terrorism and is currently a professor at Boston College.

  • Peter Klimek
    Director of Technology - Office of the CTO, Imperva
  • Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a boutique international cybersecurity and data privacy law firm, and certified Women-Owned. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations, the GDPR, and the CCPA. Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • Myriah V. Jaworski, Esq.
    Privacy Litigation Practice Group, Beckage Law

    Myriah leads Beckage’s Privacy Litigation Practice Group, where she represents clients in data breach actions, technology vendor disputes, and the defense of consumer class actions and related regulatory investigations. Recognized as a Super Lawyers Rising Star – Litigation in 2019 and 2020, Myriah practices in many jurisdictions throughout the United States in both state and federal courts.

    Myriah has experience representing clients in business disputes relating to technology contracts, including cloud/SaaS and E-commerce and AI or Machine Learning vendor disputes, wherein she has obtained favorable monetary and injunctive relief. Myriah has represented clients in wire fraud and payment diversion matters throughout the country. She also represents clients in response to regulatory inquiries and investigations arising out of data incidents, including before state Attorney General offices and the Department of Human and Health Services - Office of Civil Rights (HHS/OCR).

    Myriah is also a Certified Information Privacy Professional, United States (CIPP/US) and a Certified Information Privacy Professional, Europe (CIPP/E) as certified by the International Association of Privacy Professionals (IAPP).

    Prior to joining Beckage in 2018, Myriah was a senior attorney with a large regional law firm and a Trial Attorney with the United States Department of Justice (DOJ).

  • Christopher Hass
    Director of Information Security and Research, Automox
  • Tom Tollerton
    Sr. Manager, IT Advisory, DHG

    Tom has 15+ years of experience in the IT industry, and has extensive experience performing SOC 1 and 2 examinations and reporting, cybersecurity risk assessments, PCI compliance assessments, and system security assessments. Tom is one of DHG’s PCI Qualified Security Assessors and has completed multiple Reports on Compliance for PCI Level 1 merchants and service providers.
    Tom advises on development of holistic security governance and risk management programs integrated into IT and business operations across a wide variety of industries including financial services, retail, technology, healthcare, manufacturing, government contractors, and state and local government agencies.
    Licenses & Certifications:
    • Certified Information Systems Auditor (CISA)
    • Certified Information Systems Security Professional (CISSP)
    • Payment Card Industry Qualified Security Assessor (PCI QSA)
    Education:
    • Florida State University, MBA, Management Information Systems; Bachelor of Science

  • Renee Tarun
    Deputy CISO, Fortinet
  • Tom Watson
    Channel Chief Advisor, NinjaRMM

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes