- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Tuesday, October 15, 20199:00 am[SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework9 a.m. - 3 p.m. • Earn 12 CPEs!Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:
- SecureWorld Plus
9:00 am - 3:00 pmLocation / Room: Lake NokomisThe University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson is the CISO for UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
- Wednesday, October 16, 20197:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 3:00 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 amAdvisory Council Breakfast – (VIP / INVITE ONLY)Topic: The Journey to the Cloud - Roadblocks, Pitfalls & Silver LiningsCISO, Bluecore, Inc.Registration Level:- VIP / Exclusive
7:30 am - 8:30 amLocation / Room: Lake IslesThis session is for Advisory Council members only.
8:30 amInfraGard Hosted Session and Guest Presentation - Open to all AttendeesTopic: Out of the Box and Onto The Wire: The Insecurity of Healthcare IoTCertified Ethical Hacker, Healthcare Information Security AnalystRegistration Level:- Open Sessions
8:30 am - 9:15 amLocation / Room: Lake HarrietJoin InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and anyone interested in learning more about this local association.
8:00am – 8:30am – InfraGard Networking
8:30am – 9:15am – “InfraGard Session”
Presentation:
Are IoT devices leaving your hospital organization Eternally Blue and making you WannaCry? Hear from a healthcare information security analyst as she navigates through the complicated landscape of network device security risk assessments, “Out of The Box” configurations, default passwords, and many other limitations within the hospital business model that have the potential to give cyber criminals a running head start.
Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)8:30 amThe Power of an Identity Aware Security StrategyEnterprise Architect, Office of CIO, OptumRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: Lake CalhounIdentity meet security. Security meet identity. Despite the growing number of breaches related to compromised identities, these two critical functions continue to operate in silos. It’s time for security executives to not just embrace identity as part of their security strategy but put it at the center. In this session you’ll learn about how the Identity Defined Security Alliance is working to help organizations and security practitioners succeed in the battle to stay secure by using the knowledge about our identities as the thread through existing cybersecurity investments.
8:30 amWorld War “D”: The Unknown Consequences of Data, Global Compliance, Security, AI, and MLPresident, Rimage Corporation; CSRO, Equus HoldingsRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: Lake MinnetonkaAt some point, every organization will be discussing how data is being used, what risks and opportunities exist while balancing security needs, how to ensure global compliance, and how AI and ML will influence all of the above. The speed of today’s technology is outstripping our ability to comprehend all of the touch points. In this discussion, we will take a look at how to manage each of the building blocks: evaluating opportunity, risk, and rewards, as well as thinking strategically about the operational impact of our decisions.
Presentation Level: MANAGERIAL (security and business leaders)8:30 amAdvisory Council Roundtable: Light Breakfast and Coffee (VIP / Invite Only)Topic: Reporting to the Board - Using Metrics & KPIsVP & CISO, Formerly Deluxe CorporationRegistration Level:- VIP / Exclusive
8:30 am - 9:25 amLocation / Room: Lake IslesThis session is for Advisory Council members only.
9:00 amExhibitor Hall openRegistration Level:- Open Sessions
9:00 am - 3:00 pmLocation / Room: SecureWorld Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 am[OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical DefenseSpecial Agent, Global Investigative Operations Center, United States Secret ServiceRegistration Level:- Open Sessions
9:30 am - 10:15 amLocation / Room: Keynote TheaterThe average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.
10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
10:15 am - 11:15 amLocation / Room: SecureWorld Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:15 am[Insight] A Practical Approach to Securing Data Regardless of Where It LivesDirector, Network & Cloud Security, Insight Cloud + Data Center TransformationRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: Lake MinnetonkaIn this session, we will review the evolution of data in the enterprise, how we got into the mess of corporate data being so unwieldy, and practical approaches to securing data with both technology and policy.
Presentation Level: MANAGERIAL (security and business leaders)11:15 amCulture and Collaboration: How Working Together Builds the Bridge Between People, Process, and TechnologyAmericas Lead for Human Cyber Risk and Education, EYRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: Lake HarrietHaving worked in many different industries, company sizes, and employee populations as both a consultant and practitioner, I’ve seen the good, bad, and ugly ways companies approach security awareness. The one thing that I have seen consistently in “good” awareness programs is the willingness to collaborate with groups outside of the security team. Attendees will learn how to leverage marketing, physical security, corporate communications, HR, legal, and yes, even employee health into a holistic approach to securing the human.
11:15 amHidden Leadership Talent: Is the Technology World Committing Leadership Suicide?Founder & CEO, Quiet Brilliance Consulting LLCRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: Lake NokomisThe Global Leadership Forecast of 2018 revealed that “finding next generation leaders” is what keeps top executives everywhere up at night.
Technology companies, almost legendary for being leading edge and innovative, report a failure rate for leadership assignments that is 20% higher than that of other industries. Lynette Crane, author of “Quiet Brilliance: Solving Corporate America’s Leadership Crisis with ‘Hiding in Plain Sight’ Talent,” shows you where that talent lies hidden in your own organization, then supplies strategies to uncover and develop it.11:15 am[Radware] Cybersecurity Pushed to the LimitSystems Engineer, RadwareRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: Lake CalhounThroughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for12:15 pm[LUNCH KEYNOTE] Insider Threat Panel: Are We Giving this Security Risk the Attention It Deserves?VP & CISO, Provation MedicalCISO, Sun Country AirlinesCISO, Bluecore, Inc.CIO, Self Esteem BrandsSr. Director, Cloud Operations, NucleusHealthRegistration Level:- Open Sessions
12:15 pm - 1:00 pmLocation / Room: Keynote TheaterWhat is insider threat? How can organizations ensure these risk areas are mitigated? Are there techniques and tools that can help raise awareness and eliminate insider threat? During this panel discussion, we will define the different types of threat actors and identify potential options for reducing risk.
1:15 pm[Panel] Cloudy With a Chance of BreachRegistration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Lake HarrietEverything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster proof option for companies to store their data offsite with access to that data from practically anywhere. So, who’s fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.
Panelists:
Brandon Reid, Mimecast
Jason Radar, Insight
Mike Kearn, U.S. Bank
Mike Olsen, Agari
Moderator: Benjamin Brooks, Cyber Warrior Foundation1:15 pm[Panel] Building a Better Mouse Trap (Emerging Threats)Registration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterTo be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
Frank Leyva, Radware
Daniel Conrad, One Identity
Kristi Thiele, Ixia
Adam Gates, Malwarebytes
John Linzy, Bitdefender
Moderator: Tim Wittenburg Calabrio2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
2:15 pm - 3:00 pmLocation / Room: SecureWorld Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pmNetworking Break — Dash for Prizes and CyberHunt winners announcedRegistration Level:- Open Sessions
2:30 pm - 2:45 pmLocation / Room: SecureWorld Exhibitor FloorBe sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.
3:00 pmCommunicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad OutcomesDirector, Risk Science, FAIR InstituteRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: Lake CalhounCommunicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want . This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.
3:00 pmData Security and Data Privacy: The Laws and Regulations and Why Security and Privacy Are So ImportantData Privacy and Technology Law Attorney, The Carlson FirmRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: Lake HarrrietJoshua Carlson works exclusively with companies on their data privacy and data security postures. Mr. Carlson will cover why data security and data privacy are critically important to the businesses of today and the future.
The Why behind the critical importance of data security and data privacy funding and coordination with every part of the business.
Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)3:00 pmEPSS: Data-Driven Vulnerability RemediationSr. Data Scientist, Cyentia InsituteRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: Lake MinnetonkaKeeping up with vulnerability remediation is a universal challenge experienced by every organization. The onslaught of reported and discovered vulnerabilities makes prioritization essential and the lack of clear feedback makes prioritization tricky. CVSS is the de factor approach to ease the complexities of prioritization, but CVSS has largely gone unmeasured and unchallenged… until now. This talk begins with data on tens of thousands of vulnerabilities and combines billions of real-world exploitation events to both measure the performance of CVSS and to build a data-driven solution for the prioritization of vulnerability remediation efforts we call the Exploit Prediction Scoring System (EPSS).
Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)
- AgariBooth: 210
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover.
- BitdefenderBooth: 123
Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.
From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
- Cloud Security Alliance, Minnesota ChapterBooth: TBD
- Code42Booth: TBD
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- Comodo CybersecurityBooth: 100
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- EC-CouncilBooth:
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- ESETBooth: 228
For over 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single ‘in-the-wild’ malware without interruption since 2003.
- ForcepointBooth: 155
Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.
- Global Cyber AllianceBooth:
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- InfraGard MinnesotaBooth:
- InsightBooth: 240
Insight is a comprehensive solutions integrator that helps organizations transform technology, operations, and service delivery to meet challenges and future-proof the business. With a client-focused approach to delivery, we recommend the most appropriate solutions to drive digital transformation and modernization for innovation. As clients look for ways to optimize data for better business, empower speed and scale of service, and drive next-gen security, Insight delivers expertise that is grounded, unbiased, and refreshingly straightforward.
- ISC2 Twin Cities ChapterBooth:
Our mission is to create a safe environment where information security practitioners can openly share expertise and ideas, providing practical, relevant, useful and timely information that, when applied, will develop and promote the ISC2 CISSP CBK®. help support the Information Security and Cyber Security Communities of the Upper Midwest.
The objectives of this chapter are to:
• Educate: Provide low cost (or no-cost), high impact educational opportunities for both new and seasoned information security practitioners.
• Network: Create an environment that encourages relationship building and professional growth via networking and creating Mentorship opportunities
• Transform: Provide a forum for the free exchange of bold, innovative, transformative ideas to advance the perception and effectiveness of information security. - ISACA Minnesota ChapterBooth:
With approximately 1,100 members from over 100 organizations, we are the premier organization for information technology audit and control professionals in Minnesota and surrounding areas.
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IT governance, IS audit, control and security profession throughout the state of Minnesota.
On our website, you will find a wealth of information about events and volunteer opportunities within our chapter including local job postings. Please be sure to visit the members-only pages for important information about your chapter, special members-only benefits.
- ISSA Minnesota ChapterBooth:
The Minnesota Chapter of ISSA (MN ISSA) serves the Minneapolis / St. Paul twin cities area, greater Minnesota and western Wisconsin. Our membership, over 170 strong and growing, is drawn from the multitude of large corporations, small businesses, government entities and educational institutions in the area. They span all levels of career growth, from students and entry-level to senior management, and cover all industries – finance, medical, government, education, retail, technology, services, and more. This depth of experience and breadth of knowledge provides a dynamic networking environment and a cadre of great individuals to draw from for education, guidance and thought leadership.
- Ixia, a Keysight BusinessBooth: 127
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- MalwarebytesBooth: 200
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- MimecastBooth: 220
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- <Booth: 225
- OWASP Minneapolis-St. PaulBooth:
- ProcessBoltBooth: 300
ProcessBolt automates vendor risk assessments for both enterprises and their vendors. Our hosted platform saves time, improves efficiency and reduces risk through improved workflow and collaboration. Customers include small, mid-sized and enterprise companies in North America and Europe including multiple Fortune 500 clients. Visit https://www.processbolt.com for more information.
- ProcessUnityBooth: 145
ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.
- RadwareBooth: 115
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- TechTargetBooth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Twin Cities Identity & Access Management User GroupBooth:
A vendor neutral user group designed to be a forum for discussing the best practices for both technology and business usage of Identity and Access Management (IAM) frameworks.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Brent LassiCISO, Bluecore, Inc.
Brent Lassi is currently the CISO at Bluecore, Inc. He has nearly 20 years of experience in the information security field. Brent's previous roles include CISO at Carlson Wagonlit, Director of Information Security at UnitedHealth Group, CISO and VP of Information Security at Digital River, Inc. for a decade. He also co-founded one of the world’s first application security companies, specializing in secure design and review of software.
- Jennifer ReichertsCertified Ethical Hacker, Healthcare Information Security Analyst
Jennifer Reicherts is an Information Security Analyst with over 16 years of experience working in the Healthcare and Public Health sector. Her passions include IoT cybersecurity and threat intelligence. Jennifer is a Certified Ethical Hacker (CEH) and an Executive Board Member of InfraGard Minnesota Member Alliance.
- Carlos GarciaEnterprise Architect, Office of CIO, Optum
Carlos has specialized in Identity and Access Management systems for the past 20 years. His experience has been in the architecture and implementation of large enterprise and consumer IAM systems. Most of his career has been spent designing and running the large scale IAM systems for UnitedHealth Group. His experience and leadership led him to work on unique challenges such as helping to stabilize and improve the 2013 troubled implementation of healthcare.gov, as well as other state health exchanges. In his current role, he works in collaboration to drive the future technology state of UnitedHealth Group and has been a member of the Identity Defined Security Alliance Customer Advisory Board since 2017.
- Christopher RencePresident, Rimage Corporation; CSRO, Equus Holdings
Christopher is President and CEO of Rimage Corporation. He has more than 25 years of experience leading global security and technology transformation for Accenture, FICO, Digital River, and EQ Holdings, with deep expertise in governance and compliance, business continuity and disaster recovery, cloud architecture computing, and sustainability. GDPR, DPO, CIPPE, CRISC, CISO, MBCP
- Christopher GrilloVP & CISO, Formerly Deluxe Corporation
- Christopher McMahonSpecial Agent, Global Investigative Operations Center, United States Secret Service
Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.
- Jason RaderDirector, Network & Cloud Security, Insight Cloud + Data Center Transformation
Jason Rader joined Insight in 2015 as the National Practice Director of Security. He is charged with managing Insight’s security portfolio including strategic consulting offerings and technology focused solutions. Jason has over 20 years experience and has a deep understanding of the skills, tools, and methodologies required to deliver true solutions related to today’s security challenges.
- Alexandra PanaretosAmericas Lead for Human Cyber Risk and Education, EY
With a background in broadcasting and operational security, Alex specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. Alex is OPSEC Manager II Certified by the U.S. Army and the Joint Information Operations Warfare Center (JIOWC). She volunteers with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety in her free time.
- Lynette CraneFounder & CEO, Quiet Brilliance Consulting LLC
Lynette Crane, MA, is a Minneapolis-based mentor to introvert CEOs, an acclaimed national speaker, corporate trainer, executive coach and author, and Founder of Quiet Brilliance Consulting LLC Trained in psychology, she has more than 30 years' experience in her field. Lynette Crane and Quiet Brilliance Consulting help smart companies who are looking everywhere for leadership and innovation to recognize the treasure they may already have within their workforce, and to unlock the full revenue-boosting potential of these SMEs (subject matter experts) to drive innovation, turbocharge collaboration and retain top talent in an increasingly competitive market.
- Frank LeyvaSystems Engineer, Radware
Frank Leyva is a Systems Engineer with Radware, a market leader in cybersecurity with a focus on Network and Application level availability, and security. Prior to that, he was a subject matter expert in network security defense with a leading anti-malware company, performing advanced threat analysis, deep packet inspection, and creating hacker profiles for after attack reports. His skillset spans across all infrastructures, from on premise, physical, and virtual, to cloud, ISP, hosting, and carrier grade networks. He has spoken at many engagements with security partners, vendors, and C-level executives, continuously striving to stay up to date with current security trends, vulnerabilities, and exploits. As a prior service Marine, he is a member of LinkedIn Vets, and is also a member of InfraGard North Texas chapter, Dallas Hackers Association, and is an advisory board member for Navarro College.
- Milinda Rambel StoneVP & CISO, Provation Medical
Milinda Rambel Stone is an executive security leader with extensive experience building and leading security programs, including Information Security Governance, Vulnerability Management, Incident Investigation & Response, Security Awareness, and Risk Management & Compliance. With significant experience in creating and managing large-scale information security programs in technology, healthcare, and financial services, today Milinda puts this expertise to work as a VP and CISO at Provation Medical.
- Brian BoboCISO, Sun Country Airlines
Brian Bobo is the Chief Information Security Office for Sun Country Airlines in Eagan, Minnesota. He is responsible for all aspects of the security and disaster recovery strategy, implementation, and effectiveness. Sun Country Airlines focuses on vacation destinations taking vacationers to the tropical beaches of Mexico, Costa Rica, and the Caribbean, as well as flying charters to support our troops across the world.
Previously, he was the Director of Global Security at Ecolab, a leading provider in water, hygiene, and energy technologies to foodservice, food processing, hospitality, healthcare, industrial, and oil and gas companies in over 170 countries. In this role, Bobo was responsible for the planning and execution of effective processes and technologies for incident response and security operations. He also leads the security awareness and continuous improvement of security.
Prior to Ecolab, Bobo was the CISO for Schneider, a leading provider of transportation, intermodal and logistics services. In this role, Bobo was responsible for the planning and execution of effective processes throughout the enterprise for information security, personal and physical security, as well as disaster recovery, business continuity and emergency preparedness. Prior to that, Bobo was a Technologies Services Manager for Target Corporation, where he managed corporate-wide information protection and IT security teams. Bobo worked for Target for 12 years, holding various positions with increasing responsibility, including warehouse management, IT security and disaster recovery. Bobo has 30 years of military experience serving in the U.S. Army and Army National Guard. He most recently led the Cyber team for the Minnesota Army National Guard prior to being promoted to the head of IT for the Minnesota Army National Guard.
Bobo received his Bachelor of Science degree in History and Systems Engineering from the United States Military Academy at West Point. He holds a Master’s Degree in Business Administration from the University of Florida and a Master's Degree in Strategic Studies from the U.S. Army War College. In addition, Bobo has earned the Certified Information Systems Security Professional and Certified Business Continuity Professional certifications.
- Brent LassiCISO, Bluecore, Inc.
Brent Lassi is currently the CISO at Bluecore, Inc. He has nearly 20 years of experience in the information security field. Brent's previous roles include CISO at Carlson Wagonlit, Director of Information Security at UnitedHealth Group, CISO and VP of Information Security at Digital River, Inc. for a decade. He also co-founded one of the world’s first application security companies, specializing in secure design and review of software.
- Tammylynne JonasCIO, Self Esteem Brands
Tammylynne Jonas (TLJ) is a seasoned digital and technology executive with almost 20 years of experience leading large, international teams. TLJ is the Global CIO for Self Esteem Brands, the parent company for Anytime Fitness. In this role, TLJ has responsibility for multiple franchise brands, with almost 5000 locations across almost 40 countries. She owns development, infrastructure, security and data/ analytics. Before SEB, TLJ was the CIO for Holiday Companies. TLJ spent 15 years at Kohl’s Department Stores, and worked for Accenture before that.
TLJ holds an Executive MBA in International Business from Marquette University, and has undergraduate degrees in Math, English and Spanish. TLJ sits on the Board of Directors for the MN Better Business Bureau, the Northrop Auditorium at the University of Minnesota, The Minnesota CIO Advisory board, the Twin Cities Innovation Council, and is a volunteer for the Girl Scouts.
In 2019, TLJ was named a finalist for “CIO of the Year” in the Minneapolis- St. Paul Business Journal. In addition, she was named a finalist in the “Wavemaker of the Year” by Team Women. In 2017, she was named “Young Alumna of the Year” by Marquette University. In 2015, she was named “40 Under 40” by the Milwaukee Business Journal. TLJ resides in Medina, Minnesota, with her husband and 3 kids: 10, 7 and 5.
- Michael BlahaSr. Director, Cloud Operations, NucleusHealth
Michael Blaha is currently Sr. Director of Cloud Operations and Security at NucleusHealth. Throughout his career, Michael has made a focus of integrating security and cloud native principles into his delivery and operations teams in both the healthcare payer and healthcare Software-as-a-Service space.
- Jack Freund, PhDDirector, Risk Science, FAIR Institute
Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.
- Joshua CarlsonData Privacy and Technology Law Attorney, The Carlson Firm
Joshua Carlson is a privacy lawyer but also is a technologist and understands sytem engineering, he has for a long time held his CISSP, CIPP, CIPP/G, CIPP/E and provides guidance and advisory to organizations around the world.
- Dr. Ben EdwardsSr. Data Scientist, Cyentia Insitute
Dr. Benjamin Edwards joined Cyentia at the beginning of 2019 as hire #1. He was formerly with IBM Research, where he worked in applying advanced machine learning techniques to solve real world security problems and shaped the next generation of analytical security models. Before that he received his Ph.D. from the University of New Mexico with a research focus that blended the fields of security, data science, and complex systems. His work has lead to a better understanding of global attack trends, the effects of security interventions, and even nation state cybersecurity policy.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes