Conference Agenda
  • Tuesday, October 15, 2019
    9:00 am
    [SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm

    The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the Framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report

    The class will help individuals and organizations acquire knowledge, skills, and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the instructor:

    • Larry Wilson has been the CISO for the UMass President’s Office since 2009.
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    9:00 am
    [SecureWorld PLUS] Security and the C-Suite: Speaking the Language of Key-Stakeholders and Decision Makers
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    VP & President of the Board, Beryllium InfoSec Collaborative / Cyber Warrior Foundation
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm
    This is an excerpt course from the Cyber Warrior Foundation’s MBA in Information Security at Union College. From this course, attendees will understand the importance of being able to effectively communicate to the C-Suite and other key stakeholders, and ways to help them understand the gravity of information security inside and outside the organization. Business has many sub-languages, and as an information security manager or decision maker, we must be able to speak the languages to the various audiences to reach them where they are. By doing this, we bring the importance of information security and cyber security into the home-turf of each aspect of the business, and gain buy-in from every vertical and department.

    Attendees will learn:
    – How to effectively communicate information security to every aspect of the business
    – Identify key assets across the organization for information protection
    – How to collaborate with stakeholders both inside and outside of the organization for effective information security practice
    – Get buy-in for coordinated incident response participation across the organization
    – Learn about Open FAIR methodology and how to translate from other compliance frameworks

  • Wednesday, October 16, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Registration Level:
    • VIP / Exclusive
    7:30 am - 8:30 am

    This session is for Advisory Council members only.

    8:30 am
    Engaging the Board on Cybersecurity
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Boards of directors are more interested than ever in the organization’s cybersecurity posture and strategy. It’s important to engage them early and often with the right level of detail to maintain their confidence. This session will provide practical guidance on approaches that could be used to be successful when communicating with the Board.

    8:30 am
    Privacy Impact Assessments and Emerging Technologies
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Privacy laws and regulations continue to evolve rapidly in the U.S. at the federal and state levels. Combined with the European Union GDPR, these emerging standards underline the need for businesses to manage data as a regulated asset. The risks are heightened when developing or implementing emerging technologies, such as artificial intelligence, blockchain and biometric technologies. A key part of governance, both to reduce risk and to enable new innovations, is to perform impact assessments when implementing new technologies into the business, and as part of any new product development or innovation operations. This presentation will focus on privacy regulatory issues associated with emerging technologies, trends in structuring impact assessments, approaches to and objectives of PIAs, and ways in which to integrate PIA processes into the business.
    8:30 am
    Culture and Collaboration: How Working Together Builds the Bridge Between People, Process, and Technology
    Security Awareness and Training leader, Ernst & Young LLP
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Having worked in many different industries, company sizes, and employee populations as both a consultant and practitioner, I’ve seen the good, bad, and ugly ways companies approach security awareness. The one thing that I have seen consistently in “good” awareness programs is the willingness to collaborate with groups outside of the security team. Attendees will learn how to leverage marketing, physical security, corporate communications, HR, legal, and yes, even employee health into a holistic approach to securing the human.

    8:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    8:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Business Email Compromise: Real World Stories and Practical Defense
    Cyber-Enabled Financial Fraud Investigator, U.S. Secret Service / Firebird AST
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    Business Email Compromise is a scourge and a severe threat to our national and global economy. With $13.5 billion in losses from 2013, BEC is an exponentially growing threat. The presentation will cover the evolution of BEC, major players, and how to protect your business from this cyber-enabled financial fraud scheme.
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    7 Ways to Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    11:15 am
    Navigating the Uncharted Cybersecurity Career Path
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    With a growing shortage of qualified workforce, it’s a pivotal time for the cybersecurity profession to define its value and claim its space within the corporate landscape. From entry-level to C-suite, do you know what you’re worth and how to maximize your earning potential? What are the KPIs, accomplishments, and degrees or accreditations needed to advance your career?
    11:15 am
    IoT Defense: A Holistic Approach
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Reviewing the current state of IoT devices, their cloud endpoints and the connection between them to understand the threat landscape and where our focus needs to be in the years ahead.

    11:15 am
    IoT and Blockchain in Healthcare
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    Tens of billions of connected devices will form the smart homes, cities and user experience of the future. The “Internet of Things” is a rich opportunity for IT Leaders but also presents some headaches, particularly when we think of medical and consumer devices in Healthcare. Hear the unique perspective from one of the nation’s largest healthcare providers on how they plan to step up to the challenge and how one notorious upstart technology, the “Blockchain”, can potentially benefit the “Smart Hospital.”

    12:00 pm
    Advisory Council Lunch Roundtable (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    This session is for Advisory Council members only.

    12:15 pm
    LUNCH KEYNOTE
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Cloudy With a Chance of Breach
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes and CyberHunt Winners Announced
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.

    3:00 pm
    Communicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad Outcomes
    Director, Risk Science, FAIR Institute
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Communicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want. This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.

    3:00 pm
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    The U.S. legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever-evolving and changing technologies. In the past year, state and federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placing more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the state and federal level, and discuss how companies should prepare to meet these evolving obligations.

Exhibitors
  • Bitdefender

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Comodo Cybersecurity

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • EC-Council

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Global Cyber Alliance

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • InfraGard Minnesota
  • (ISC)2 Twin Cities Chapter

    Our mission is to create a safe environment where information security practitioners can openly share expertise and ideas, providing practical, relevant, useful and timely information that, when applied, will develop and promote the (ISC)2 CISSP CBK® and help support the Information Security and Cyber Security Communities of the Upper Midwest.

    The objectives of this chapter are to:

    • Educate: Provide low cost (or no-cost), high impact educational opportunities for both new and seasoned information security practitioners.
    • Network: Create an environment that encourages relationship building and professional growth via networking and creating Mentorship opportunities
    • Transform: Provide a forum for the free exchange of bold, innovative, transformative ideas to advance the perception and effectiveness of information security.

  • ISACA Minnesota Chapter

    With approximately 1,100 members from over 100 organizations, we are the premier organization for information technology audit and control professionals in Minnesota and surrounding areas.

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IT governance, IS audit, control and security profession throughout the state of Minnesota.

    On our website, you will find a wealth of information about events and volunteer opportunities within our chapter including local job postings. Please be sure to visit the members-only pages for important information about your chapter, special members-only benefits.

  • ISSA Minnesota Chapter

    The Minnesota Chapter of ISSA (MN ISSA) serves the Minneapolis / St. Paul twin cities area, greater Minnesota and western Wisconsin. Our membership, over 170 strong and growing, is drawn from the multitude of large corporations, small businesses, government entities and educational institutions in the area. They span all levels of career growth, from students and entry-level to senior management, and cover all industries – finance, medical, government, education, retail, technology, services, and more. This depth of experience and breadth of knowledge provides a dynamic networking environment and a cadre of great individuals to draw from for education, guidance and thought leadership.

  • Ixia, a Keysight Business

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Malwarebytes

    Malwarebytes provides anti-malware and anti-exploit software designed to protect users against zero-day threats that consistently escape detection by traditional endpoint security solutions. Malwarebytes Anti-Malware earned an “Outstanding” rating by CNET editors, is a PCMag.com Editor’s Choice, and was the only security software to earn a perfect malware remediation score from AV-TEST.org. That’s why large Enterprise businesses worldwide, including Disney, Dole, and Samsung, trust Malwarebytes to protect their mission-critical data. For more information visit www.malwarebytes.com/business

  • Mimecast

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • One Identity

    Turn security from the practice of denial and restriction to the utopia of enablement and transformation with the One Identity family of IAM solutions for access management, identity governance, and privileged account management on prem and in the cloud.

  • OWASP Minneapolis-St. Paul
  • Radware

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • TechTarget

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Trustwave

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Benjamin Brooks
    VP & President of the Board, Beryllium InfoSec Collaborative / Cyber Warrior Foundation

    Vice President of Beryllium InfoSec Collaborative and Founding Member of Cyber Warrior Foundation. Benjamin is a 19-year Navy veteran of Information Warfare and Special Warfare communities. He serves as the Education Committee Chair for the Cyber Warrior Foundation as well as Chairman of the Board. Benjamin is an (ISC)2 CISSP and Writer for the CISSP exam, as well as a Ponemon Research Institute Distinguished Fellow. He has assisted with the Navy Security System Certifications, and created multiple information security curricula at both the undergraduate and post-graduate levels.

  • Alexandra Panaretos
    Security Awareness and Training leader, Ernst & Young LLP

    Alexandra Panaretos, CSAP is the Americas Cyber Practice Lead for Security Awareness and Training for Ernst & Young LLP. She specializes in information security awareness and education, personal and physical security, and the psychology of social engineering. Alex has experience developing and implementing security awareness and education strategies in government, military family services, and global companies. She is Operations Security Program Manager certified by the Joint Information Operations Warfare Center and the U.S. Army. Her primary focus in awareness program design is the individual, which she showcases in materials that are relevant for multiple generational, cultural, and learning styles in an enterprise.

  • Stephen Dougherty
    Cyber-Enabled Financial Fraud Investigator, U.S. Secret Service / Firebird AST

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes