Open Sessions
Conference Pass
SecureWorld Plus
VIP / Exclusive
- Thursday, October 14, 20218:00 amExhibit Hall OpenRegistration Level:
Open Sessions
8:00 am - 9:00 amLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.
8:00 amAdvisory Council RoundtableDiscussion topic to be announcedRegistration Level:VIP / Exclusive
8:00 am - 8:50 amThis session is for SecureWorld Advisory Council members by invite only.
8:15 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:15 am - 8:50 amParticipating professional associations and details to be announced.
9:00 amOpening KeynoteRegistration Level:Open Sessions
9:00 am - 9:45 am9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:00 amLocation / Room: Exhibitor FloorVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:00 amDeveloping an Effective Security Awareness ProgramRegistration Level:Open Sessions
10:00 am - 10:30 amSecurity Awareness is well known for being the “best bang for the buck” out of all the risk mitigation techniques, but is it really? For Security Awareness to be effective, it must change the behaviors of employees and ideally lead to a mature security culture in your organization. Many programs that do not use adult education techniques and neuroscience fail to achieve behavior change—and can even make things worse. Once employees start to have a negative impression about information security, feel helpless, or begin to consider remediation as punitive, great damage has been done to the security culture and this can be difficult to reverse.
This fun presentation will help you to gain an understanding about effective Security Awareness program creation and implementation, as well as to build buy-in for a mature security culture.
10:00 amI.A.M. What I Am: Building a Strong Identity and Access Management ProgramRegistration Level:Open Sessions
10:00 am - 10:30 amIdentity and Access Management has risen from a necessary evil to the “new perimeter” as applications migrate to the cloud. Having the right people aligned to your business processes with sound technology will propel your IAM program from the back office to business enabling function. This presentation will guide you on how to mature your existing identity and access management program, pitfalls to avoid, and tips to get your stakeholders on board.
10:00 amPractical Considerations When Verifying Your Vendors' Cybersecurity ControlsRegistration Level:Open Sessions
10:00 am - 10:30 amAs businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.
Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.
Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)
10:30 amNetworking BreakRegistration Level:Open Sessions
10:30 am - 10:45 amVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:45 amInsider Threats: A Multi-Pronged Approach to Protecting Your OrganizationRegistration Level:Open Sessions
10:45 am - 11:15 amInsider threats are a real danger and cannot be overlooked. While deploying the latest secure system to fight against cyber threats is a decent strategy, you must also implement an effective insider threat system for an overall cybersecurity solution. An insider threat program cannot be brought off the shelf, but is a continuous process to identify and detect an incident as it occurs. Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)
10:45 amLeveraging Culture to Optimize Information SecurityRegistration Level:Open Sessions
10:45 am - 11:15 amTo build a culture that optimizes security, an organization needs to set information security leadership appropriately. Strategically, it needs to understand the organization’s risk tolerance, codify it as policy, and communicate it. Based on risk tolerance, it needs to create a roadmap that moves the organization from ad hoc and compliance-based cultures to one that’s risk-based. Tactically, security management needs to regularly drive buy-in for risk tolerance and policy. In addition, management needs to foster a culture that learns from incidents and failures rather than a culture that focuses on assigning blame.
10:45 amBuilding Blocks to Achieve Cloud SecurityRegistration Level:Open Sessions
10:45 am - 11:15 amCloud computing has entered its second decade, and its prevalence is increasing, as “cloud first” is gaining more popularity than ever. Despite its prolonged existence, cloud computing still suffers from confusion and hype over how to secure the cloud. Also, longstanding concerns such as cloud governance continue to muddle the opinions and approaches of CIOs, CISOs, architects, and IT leaders. This session is aimed to demystify the myth of cloud being insecure and will emphasize how to build the security blocks around cloud while using varied service and deployments of cloud computing.
11:15 amNetworking BreakRegistration Level:Open Sessions
11:15 am - 11:30 amVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
11:30 amAre You Ready for the Convergence of IIoT, OT, and IT Security?Registration Level:Open Sessions
11:30 am - 12:00 pmBusiness transformation and drive for smart factory initiatives has placed demands on business leaders to leverage relevant technologies to achieve the desire end goal of operational excellence. The technologies such as industrial internet of things (IIoT) are being layered on top of manufacturing floor machinery to provide that needed insight into business operations and productivity. These improvement and perceived operational excellence have come with cyber security risks which were not a common place in manufacturing space previously. It for this reason that there is now a convergence between operation technology (OT), Industrial internet of things (IIoT) and IT. This intersection is becoming very evident in manufactural, supply chain and traditional production organization or companies.
Most of these manufacturing machineries were never directly connected to the ethernet networks and as such the risk was very minimal. In some cases, these organizations had organized security based on perimeter controls such as data center firewalls, site firewalls, floor firewalls that provide segmentation or microsegment between corporate IT and manufacturing operation technology (OT space). However, if the individual devices that are connected on the OT side become compromised and the threat has access to that communication link, a hacker can push malicious data, cause denial of service (DoS), or introduce malware or viruses to the entire network — even if there is a secure communication link. There are many ways to run into problems on the OT/IoT front if companies are not careful in their network design security implementation. These increase the risk and a re-thinking of how to architect security appropriately to meet the ever-evolving threat landscape with relevant implications to OT/IIoT and larger enterprise network.
Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)11:30 amRansomware Incident Command and Lessons Learned for ManagersRegistration Level:Open Sessions
11:30 am - 12:00 pmThis presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.
11:30 amNew Remote Workforce: Privacy and Security Risks and MitigationsRegistration Level:Open Sessions
11:30 am - 12:00 pmThe sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.
12:00 pmNetworking BreakRegistration Level:Open Sessions
12:00 pm - 12:15 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
12:15 pmHey, Information Security: Be Part of the Digital Transformation or Be Left Behind!Registration Level:Open Sessions
12:15 pm - 1:00 pm“Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust. Join this session to learn how you can:
• Embed security into your culture, technologies and processes
• Empower innovation and expedite time-to-market through consistent security risk governance
• Assess the impacts, goals and methods of likely cyber attacks and incidents
• Align IT and security professionals with business objectives and risk tolerance
• Prepare now for effective detection and response to reduce business impacts of incidentsPresentation level: MANAGERIAL (security and business leaders)
12:15 pmLeveraging the Three Lines of Defense to Improve Your Security PositionRegistration Level:Open Sessions
12:15 pm - 1:00 pmDepending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
Presentation Level: MANAGERIAL (security and business leaders)12:15 pm[Panel] Addressing Weakness: Vulnerability ManagementRegistration Level:Open Sessions
12:15 pm - 1:00 pmNIST defines vulnerabilities as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” This panel will discuss current vulnerabilities and risk management through proper controls and best practices.
12:15 pm[Panel] Identity and Access Management: Zero Trust for the Win?Registration Level:Open Sessions
12:15 pm - 1:00 pmAuthentication used to be a discreet decision with the purpose of securing a single access point. Today, the ability to utilize many different types of authentication—from passwordless authentication, to certificate-based authentication, to adaptive and multi-factor authentication—is the foundation of a robust access management framework. With all the terms flying around out there—MFA, 2FA, Zero Trust, IAM, etc.—it’s hard to keep track of what is supposed to be working. Our experts will help demystify the jargon, provide best practices, and steer you away from common missteps.
12:15 pmExecutive RoundtableRegistration Level:VIP / Exclusive
12:15 pm - 1:00 pmDiscussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.
1:00 pmNetworking BreakRegistration Level:Open Sessions
1:00 pm - 1:15 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
1:15 pmMoving from Individual Contributor to Cybersecurity LeaderRegistration Level:Open Sessions
1:15 pm - 2:00 pmAre you feeling the call towards cybersecurity leadership? Just being a good technologist is no guarantee you will be a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.
Join in this conversation about the path from the Information Security technical role to an Information Security leadership role. Learn the right knowledge that will be powerful in helping advance your career up the ranks of security leadership!
1:15 pmEthical Hacking and Cyber Ecosystems: Anticipating the PredatorsRegistration Level:Open Sessions
1:15 pm - 2:00 pmIn an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
Presentation Level: TECHNICAL (deeper dive including TTPs)1:15 pm[Panel] Threat Landscape in Flux: Emerging ThreatsRegistration Level:Open Sessions
1:15 pm - 2:00 pmThe attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.
1:15 pm[Panel] No Perimeter: Security in the CloudRegistration Level:Open Sessions
1:15 pm - 2:00 pmWorldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.
1:15 pmExecutive RoundtableRegistration Level:VIP / Exclusive
1:15 pm - 2:00 pmDiscussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.
2:00 pmNetworking BreakRegistration Level:Open Sessions
2:00 pm - 2:15 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
2:15 pmClosing KeynoteRegistration Level:Open Sessions
2:15 pm - 3:00 pm
- Arctic Wolf NetworksBooth:
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- Armis, IncBooth:
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- BitSightBooth:
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter
- Check Point Software Technologies Inc.Booth:
Check Point Software Technologies Inc. is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- OktaBooth:
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
- ProofpointBooth:
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Recorded FutureBooth:
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- RedSealBooth:
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- RemediantBooth:
Founded in the heart of San Francisco, Remediant offers an industry leading Privileged Access Management (PAM) solution we call SecureOne. Our innovative and enterprise-class cybersecurity solution enables real-time monitoring, Zero Trust protection of privileged accounts and Just-In-Time Administration (JITA) across IT/Security/Cloud ecosystems. We protect organizations from stolen credentials being used against them, which is the number one attack vector across all breaches. To learn more, please visit: www.remediant.com
- SecureLinkBooth:
SecureLink is a leader in managing secure third-party access and remote support for both enterprise companies and technology providers. SecureLink serves over 400 customers and 30,000 organizations worldwide. World-class companies across multiple industries including healthcare, financial services, legal, gaming and retail rely on SecureLink’s secure, purpose-built platform.
- ThreatConnectBooth:
Designed by analysts but built for the team, ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. To learn more about our TIP and SOAR solutions, visit www.ThreatConnect.com.
- Panel Discussion
- Panel Discussion
- Panel Discussion
- Panel Discussion

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Join your InfoSec peers for high-quality training and collaboration. Sign up today!
