- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Thursday, March 18, 20218:00 amExhibitor Hall openRegistration Level:
- Open Sessions
8:00 am - 9:00 amLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council RoundtableGetting Third-Party Risk Management Right During the PandemicRegistration Level:- VIP / Exclusive
8:00 am - 8:50 amThis session is for SecureWorld Advisory Council members by invite only.
Managing cybersecurity risks arising from third parties is a continuous process. Organizations must stay focused and vigilant during the third-party risk assessment process, especially during the current pandemic situation, to ensure they stay protected. We will discuss some of the key risk areas that may be impacted: cybersecurity, supply chain, reputational, regulatory, strategic, operational, financial, and financial fraud.
8:15 amNot Just a Checkbox Anymore: InfoSec Policies that Drive Accountability and Security-MindednessSr. Director, Information Security, Sleep NumberRegistration Level:- Open Sessions
8:15 am - 8:55 amSecurity policies are a foundational requirement of any security program. Most of us have them, auditors review them, and we update them annually. That is a good start, but are your policies working for you in a way that advances your security program? A well-designed policy structure coupled with strategic communication, training, and processes will enable organizational clarity, gain executive buy-in, drive accountability, and even help advance security culture.
Tina Meeker, CISSP, CIPP/US, and Sr. Director of Information Security for Sleep Number, will share proven practices to help you take your policy design and operational practices to the next level (or build from scratch) based on her experience in this space for over 15 years across several organizations across various industries.
In this session, you will learn how to:
- Architect a policy structure that fits your organization’s needs
- Gain buy-in from the top and key stakeholders early and often
- Identify key stakeholders to develop and deliver custom messaging (and training if needed) and drive ownership and accountability
- Establish a simple “policy operations” process to help capture challenges and exceptions and to ensure proper visibility to risks
- Evolve policy over time, staying in line with business capabilities and priorities
8:15 amThe Challenge of Detecting Threats in the CloudVP of Solutions, SecuronixRegistration Level:- Open Sessions
8:15 am - 8:55 amDetecting threats in the cloud presents several challenges: dealing with new technologies and facing new threat scenarios, exacerbated by the COVID-19 accelerated cloud adoption. Gartner indicates that organizations have been expanding their adoption of cloud security-oriented tools, such as Cloud Security Posture Management (CSPM) and Cloud Access Security Broker (CASB), as they try to keep cloud-related threats under control. However, not all organizations have an interest in adopting all these added technologies, and even when they do, the challenge of integrating them into their security monitoring infrastructure remains.
Join this discussion to learn:
- What are the differences between traditional threats and cloud threats?
- How to align your security monitoring architecture to the new cloud monitoring requirements
- How to optimize cloud security monitoring with a cloud-first SIEM approach
8:15 amA Modern Approach to Information ProtectionSr. Director, Enterprise Security Strategy, ProofpointRegistration Level:- Open Sessions
8:15 am - 8:55 amData Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?
9:00 am[Opening Keynote] Security as an Innovation LabSystem VP & CISO, SSM HealthRegistration Level:- Open Sessions
9:00 am - 9:45 amTraditionally, security is seen as a cost center. What if we could flip that on its head by using security concepts to drive business revenue? Every department would want the security team at the table. In this session, I’ll talk about innovative ways to draw positive attention to information security in a way that makes people want to give time and resources to security.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:00 amLocation / Room: Exhibitor FloorVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:00 amEnemies Among Your Friends: Vendor Management in a Post SolarWinds WorldChief Security Officer & Technology Lead, Trexin GroupCo-Founder & Managing Partner, XPAN Law PartnersRegistration Level:- Open Sessions
10:00 am - 10:30 amWe have had one of the most seismic shifts in the world of data privacy and cybersecurity in the SolarWinds breach. In this single incident, we see the convergence of what security and data privacy experts have been railing about for years: namely, the terrifying reality of prolonged access to a system and a robust supply chain breach.
One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. You are only as strong as the weakest link in your vendor chain. The ease, convenience, and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third parties and vendors.
This presentation will include technology and legal perspectives as we “unpack” the SolarWinds breach. Providing interplay between the two worlds, we will begin with a technology overview of the “reach of the breach,” then discuss the legal ramifications in terms of contractual obligations, insurance coverage, and regulatory issues. Finally, we will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements. We will go through the steps involved in a vendor management program and explain how to get started (or how to get better) at managing vendors.
10:00 amAchieving the Security Data LakeVP, Solution Architecture, ChaosSearchRegistration Level:- Open Sessions
10:00 am - 10:30 amLocation / Room: 103The promise of the Security Data Lake is to provide a centralized, massively scalable repository for ALL data relevant for the Security Operations team, enabling many core functions required by the modern enterprise—monitoring and alerting, threat hunting, advanced persistent threat protection, DDoS mitigation, and many others. But the quest to achieve it has been a rocky one, as infrastructure complexity has prevented most teams from achieving the vision.
This session will explain the benefits of achieving a true security data lake, explain the previous barriers that companies have faced, and describe a new approach which is allowing companies to achieve the vision, and finally put the Security Data Lake at the heart of their overall Security Architecture.
10:00 amTop 4 Reasons Why Privileged Access Management Implementations FailChief Strategy Officer, RemediantRegistration Level:- Open Sessions
10:00 am - 10:30 amIt is shocking that, year over year, stealing credentials is still the top tactic used by attackers to breach organizations. Why is this still happening? Hint: It isn’t only because of weak passwords. Organizations have invested heavily into privileged access management (PAM) technologies, but these solutions have struggled to address the problem for five key reasons. In this discussion, we will address the gaps in current access management approaches but, more importantly, show you how to quickly close the gaps and significantly reduce security risks without disrupting your current investments or systems.
Join Remediant in this discussion to:
- Learn the five reasons why privileged access management implementations fail
- Identify areas in your IAM program where you can reduce admin access risk
- Capitalize on existing investments, while improving your risk posture
Presentation level: TECHNICAL (deeper dive including TTPs)
10:30 amNetworking BreakRegistration Level:- Open Sessions
10:30 am - 10:45 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:45 amBusiness Continuity Planning: The SequelVP & CISO, Provation MedicalRegistration Level:- Open Sessions
10:45 am - 11:15 amOne year into the pandemic, we’ve battle tested our business continuity plans. What worked and what do we need to adjust? Now, get ready for the sequel. Organizations now need to consider collecting and tracking key metrics of employee health and safety, especially for those returning to the office. Join Milinda Rambel Stone, Vice President & CISO at Provation Medical, as she discusses the next plan your organization may need: how to securely collect and protect employee health and safety data.
10:45 amConquering Cloud ComplexityCTO, RedSeal NetworksRegistration Level:- Open Sessions
10:45 am - 11:15 amCloud security is hard, not least because cloud platforms change so quickly. This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.
10:45 amFrom Zero to Full Domain Admin: The Real-World Story of a Ransomware AttackChief Security Scientist & Advisory CISO, DelineaRegistration Level:- Open Sessions
10:45 am - 11:15 amFollowing in the footsteps of a cybercriminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker’s response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the attacker’s techniques used and how they went from zero to full domain admin compromise that resulted in a nasty ransomware incident.
11:15 amNetworking BreakRegistration Level:- Open Sessions
11:15 am - 11:30 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:30 amMaking the Complex Consumable: Conducting the Information Security SymphonyDirector, Information Security, DatasiteRegistration Level:- Open Sessions
11:30 am - 12:00 pmInformation Security programs protect complex businesses. Learn how to keep it simple.
Securing your organization can be daunting—further complicated by a global pandemic. You enter a new organization and you need to build a Security team and a practice. Where do you start? Your business, Board, colleagues, leadership, and stakeholders all have expectations. Do not get overwhelmed. Learn how to leverage your resources to orchestrate an Information Security program.
Presentation level: MANAGERIAL (security and business leaders)
11:30 amThe Implementation Journey of Zero Trust and SASE: Realizing the BenefitsVP, CSO - Cloud Security Transformation, NetskopeRegistration Level:- Open Sessions
11:30 am - 12:00 pmMost organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?
In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?
In this session, James Christianson will discuss:
· How to migrate your security controls to take advantage of SASE
· Reducing cost while increasing your security posture
· Implementing a road map for SASE / Zero Trust11:30 amHow to Effectively Manage the Modern Risks of Open Source CodePrincipal Security SME, Horizon3.aiRegistration Level:- Open Sessions
11:30 am - 12:00 pmToday’s modern applications depend on of a substantial amount of open source components and third-party libraries, and developers acknowledge that utilizing open source allows them to focus more on unique code attributes instead of recreating what’s already been successfully established. Although organizations acknowledge a heightened level of security, license, and operational risk, unfortunately, many don’t effectively track or manage open source throughout their entire code base and cannot consistently address the widening hazards they face.
As a result, organizations desire automated, repeatable processes for open source usage, risk management, and vulnerability remediation that fit within modern development environments.
In this session, attendees will hear recommendations from Stephen Gates, Checkmarx SME, on how to effectively implement an approach to:
- Identify open source with confidence
- Minimize open source security and license risks
- Prioritize exploitable vulnerabilities
- Accelerate informed remediation
- Integrate and automate open source analysis
Presentation level: MANAGERIAL (security and business leaders)
12:00 pmNetworking BreakRegistration Level:- Open Sessions
12:00 pm - 12:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:15 pmThe Unified Controls FrameworkVice President, Information Security Strategy, Innovation and Analytics, Allstate Insurance CompanyRegistration Level:- Open Sessions
12:15 pm - 1:00 pmIn this presentation, Mia Boom-Ibes, Allstate Vice President, will explore the Secure Software Development Life Cycle and how you can deliver secure products—making the easy thing the right thing to do for your product development teams.
You’ll get examples that you can put into practice, and leave armed with the knowledge and skills on how to improve code quality and gain transparency into the residual risks. The presentation will also cover a future focus on the unified control framework program and how the world of secure software development is innovating to stay in front of emerging threats.
12:15 pmGet Beyond Compliance and Achieve Real Data SecuritySVP, Strategy and Imperva Fellow, ImpervaRegistration Level:- Open Sessions
12:15 pm - 1:00 pmTo keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.
We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.
12:15 pm[Panel] Workforce 2.0: The New NormalSr. Director, Product Management, SynopsysDirector, Sales Engineering, SpyCloudSolutions Architect, OktaRegistration Level:- Open Sessions
12:15 pm - 1:00 pmOur panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.
1:00 pmNetworking BreakRegistration Level:- Open Sessions
1:00 pm - 1:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmThe Intersection of the Cyber and Biological PandemicsPresident, Rimage Corporation; CSRO, Equus HoldingsRegistration Level:- Open Sessions
1:15 pm - 2:00 pmThe world changed overnight, and we adapted to it, but so did the hackers and cybercriminals. We are seeing a new breed of cyber mercenaries for hire, hackers for hire, ransomware-as-a-service (RAAS), and enterprise-level tools and servers to help manage this new Dark Web of consulting services. This is why we are all players in the new game of WWD even if we do not know it.
The false security we wrap ourselves in—hoping the other guy, tool, or services we have invested in, even at the lowest level that will protect us—is fleeting. The Dark Web is becoming the e-commerce for obtaining off the shelf roadmaps to your systems architecture, the data you hold, the tools and processes needed to access your environment—physical, logical, and your R&D.
All animals, including humans, are wired to either fight or flight when challenged. The new predators on the planet include a hybrid of human-animal that is adopting new tools that leverage AI/ML, pitting offense and defense with no evolutionary road map and little remorse for the outcome.
Presentation level: TECHNICAL (deeper dive including TTPs)
1:15 pm[Panel] Ransomware, BEC Attacks, and Insider Threats - What's Next?Vice President of Security, Code42Global Principal Engineer, CorelightSr. Business Consultant, Cybersecurity, Honeywell Building SolutionsVP of Solutions, SecuronixRegistration Level:- Open Sessions
1:15 pm - 2:00 pmEven a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?
1:15 pm[Panel] Let's Talk About CloudsDirector of Technology - Office of the CTO, ImpervaChief Security Strategist, Tenable, Inc.Advisory CISO, Cisco; Former CISO, The Ohio State UniversityRegistration Level:- Open Sessions
1:15 pm - 2:00 pmIt’s been a year now since many companies were forced to adopt cloud services or perish. For many, this was a huge shift and a leap of faith. This discussion will cover lessons learned, positives we have uncovered, and some of the new alphabet soup relating to cloud—CASB, SaaS, IaaS, etc.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:15 pmOffice, Home, or Hybrid: Manage and Secure Endpoints Anywhere, AnytimeExecutive Sales Manager, baramundi Software USA Inc.Registration Level:- Open Sessions
2:15 pm - 3:00 pmCyberattacks have quadrupled since the beginning of the pandemic. Lots of endpoints are currently on their own when it comes to being managed and protected. What will happen when these machines come back to the office, or are they coming back at all? This presentation will address the different scenarios that companies may encounter and how to resolve them by automating their endpoint management.
2:15 pmFaking It: Stopping Impersonation Attacks with Cyber AIDirector, Email Security Products, DarktraceRegistration Level:- Open Sessions
2:15 pm - 3:00 pmToday, 94% of cyber threats still originate in the inbox. “Impersonation attacks” are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or digital fakes, that expertly mimic the writing style of trusted contacts and colleagues.
Humans can no longer distinguish real from fake on their own, and businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.
In an era when thousands of documents can be encrypted in minutes, “immune system” technology takes action in seconds—stopping cyber threats before damage is done.
Find out how in this session.
3:00 pm[Closing Keynote] Adapting in the Wild: How Businesses, Their CISOs, and IT Organizations Have Responded to COVID-19Former CISO, City of Chicago; President, Bradford Garrett GroupRegistration Level:- Open Sessions
3:00 pm - 3:45 pmIT professionals have had an incredible front row seat to one of the most extensive and lengthy business continuity plan (BCP) exercises we’ve ever seen, so in many ways, this has been a case study in resilience—both of systems and the human spirit. The pandemic fundamentally altered how people worked, and IT was the enabler.
The audience will gain insights as to how COVID-19 has impacted the IT field and how CISO organizations have had to shift their responsibilities during the pandemic. Tina will reflect on considerations for employees returning from the wild and share what steps companies can take to improve their risk management posture moving forward.
Presentation level: MANAGERIAL (security and business leaders)
- Aqua SecurityBooth:
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions, and cloud VMs.
- baramundi software USA, Inc.Booth:
baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.
The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.
Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.
- ChaosSearchBooth:
ChaosSearch delivers on the true promise of data lakes, instantly turning a company’s own cloud object storage into a hot, robust, streamlined analytics engine. We make it surprisingly easy for businesses to gain insights from terabytes to petabytes of data, quickly and at minimal cost. Founded in 2017, ChaosSearch is headquartered in Boston, MA.
- Checkmarx Inc.Booth:
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- CiscoBooth:
Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.
- Code42Booth:
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- CorelightBooth:
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- Cybercrime Support NetworkBooth:
Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.
- DarktraceBooth:
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- GigamonBooth:
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- HoneywellBooth:
Honeywell International Inc. is a publicly-traded conglomerate headquartered in Charlotte, North Carolina, United States that produces commercial and consumer products, engineering services and aerospace systems.
- ImpervaBooth:
Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.
- NetskopeBooth:
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- OktaBooth:
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- ProofpointBooth:
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Recorded FutureBooth:
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- RedSealBooth:
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- RemediantBooth:
Founded in the heart of San Francisco, Remediant offers an industry leading Privileged Access Management (PAM) solution we call SecureOne. Our innovative and enterprise-class cybersecurity solution enables real-time monitoring, Zero Trust protection of privileged accounts and Just-In-Time Administration (JITA) across IT/Security/Cloud ecosystems. We protect organizations from stolen credentials being used against them, which is the number one attack vector across all breaches. To learn more, please visit: www.remediant.com
- SecuronixBooth:
Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.
- SpyCloudBooth:
SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts worldwide. Our award-winning solutions proactively defeat fraud attempts and disrupt the criminals’ ability to profit from stolen information. Learn more & check your exposure at spycloud.com.
- SynopsysBooth:
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- TechTargetBooth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TenableBooth:
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- ThycoticBooth:
Thycotic empowers more than 10,000 organizations around the globe,
from small businesses to the Fortune 500, to protect privileged accounts. We make enterprise-level privilege management accessible for everyone by eliminating dependency on complex security tools and prioritizing productivity, flexibility and control. You’ll achieve more with Thycotic – even in your first 30 days -than with any other privilege security tool.
- Tina MeekerSr. Director, Information Security, Sleep Number
Tina is currently the Sr. Director of Information Security at Sleep Number Corporation and has held executive cybersecurity leadership positions at Best Buy, Shutterfly, and Target Corporation. Tina holds a B.A. in Organizational Behavior from St. Scholastica and an MBA from Augsburg University. Tina also maintains active CISSP and CIPP/US certifications and is an adjunct cybersecurity instructor at Dunwoody College in Minneapolis, and serves on their advisory board. She is also currently the Vice President of the newly-formed Minnesota Chapter of the WiCyS (Women in CyberSecurity) National Organization.
- Mike StacySr. Director, Enterprise Security Strategy, Proofpoint
Mike works with customers and oversees technical strategy for areas which include cloud security, advanced email defense, SOAR, browsing security, and SDP. Prior to joining Proofpoint, Mike held numerous technical leadership and product strategy roles across a variety of solutions.
- Gary S. ChanSystem VP & CISO, SSM Health
Gary S. Chan helps organizations innovate, stay secure, and meet compliance using information security as the vehicle. He has architected anti-fraud systems for state agencies, led the information security teams for a large-cap technology company, leads the information security department for a large multi-state healthcare system, owns an information security consulting company, and is an evaluator and mentor for cybersecurity start-ups. He served as President of the FBI St. Louis Citizens Academy Alumni Association and is on the board of the Greater St. Louis Area Association of Certified Fraud Examiners. An adaptable individual with international experience, Gary has been based out of Asia, Europe, and the U.S. and has a refined ability to resolve conflict through negotiations and mediations. He holds four security certifications and a degree in Electrical Engineering & Computer Science from MIT.
- Glenn KapetanskyChief Security Officer & Technology Lead, Trexin Group
Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.
Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).
- Rebecca RakoskiCo-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section.Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- JD SherryChief Strategy Officer, Remediant
JD Sherry is a seasoned technology executive and is responsible for providing vision and awareness regarding the latest trends in cybersecurity, risk and compliance. Well-versed in enterprise security and data center architecture, as a former practitioner and CEO, JD has successfully implemented large-scale public, private, and hybrid clouds emphasizing security architecture best practices to meet strict compliance standards.
Over the last decade, he has established himself as a trusted senior advisor for the protection of Payment Card Industry (PCI), Health Information Privacy Act (HIPAA), and Personally Identifiable Information (PII) data. JD interfaces regularly with TV/media/press to provide expert insight on the state of cybersecurity and how individuals and organizations can adequately protect themselves from loss. JD has held Top Secret clearance and has an MBA/IT degree from Jones University and a B.S. degree from the University of Nebraska.
- Milinda Rambel StoneVP & CISO, Provation Medical
Milinda Rambel Stone is an executive security leader with extensive experience building and leading security programs, including Information Security Governance, Vulnerability Management, Incident Investigation & Response, Security Awareness, and Risk Management & Compliance. With significant experience in creating and managing large-scale information security programs in technology, healthcare, and financial services, today Milinda puts this expertise to work as a VP and CISO at Provation Medical.
- Mike LloydCTO, RedSeal Networks
Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.
Dr. Mike Lloyd holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.
- Joseph CarsonChief Security Scientist & Advisory CISO, Delinea
Joseph Carson has more than 25 years of experience in enterprise security, an InfoSec Award winner, author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies." He is a CISSP and an active member of the cyber community, speaking at conferences globally. He’s an advisor to several governments, as well as to critical infrastructure, financial, and maritime industries.
- Theodore PetersonDirector, Information Security, Datasite
Theodore Peterson, CISSP, has over 30 years of IT and Information Security experience. He has a BA from the University of Minnesota and an MBA from Augsburg College. He currently is the Director Information Security for Datasite.
- James ChristiansenVP, CSO - Cloud Security Transformation, Netskope
James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients understand the challenges and solutions of cloud deployments by helping drive thought leadership in cloud security transformation.
James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.
As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.
James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.
- Stephen GatesPrincipal Security SME, Horizon3.ai
Stephen Gates brings more than 15 years of information security experience to his role as Principal Security SME at Horizon3.ai. He is a subject matter expert with an extensive hands-on background in security and is a well-known writer, blogger, presenter, and published author who is dedicated to conveying facts, figures, and information that brings awareness to the security issues all organizations face.
- Mia Boom-IbesVice President, Information Security Strategy, Innovation and Analytics, Allstate Insurance Company
Mia Boom-Ibes is Vice President, Security Innovation, Strategy and Analytics, ATSV for Allstate Insurance Company. In this role, she is responsible for Allstate's cybersecurity strategy and priorities. She manages relationships with key business and technology stakeholders to ensure alignment and oversees architectural standards to enable consistency across the enterprise.
Prior to becoming a vice president at Allstate in July of 2017, Mia was a director in Allstate Information Security with responsibility for setting the strategy and direction for information security governance, risk and compliance efforts across the corporation. She spearheaded the creation of the company’s first Enterprise Information Security Policy and Information Security Risk Management program aligned with industry best practices and frameworks. In addition, Mia has designed and built security governance programs to obtain or retain PCI compliance status at multiple institutions.
Mia began her Allstate career in 2012 as an information security compliance and consulting manager, quickly progressing to roles of increasing leadership. She previously served in information security roles at John Deere Financial, PwC Consulting and Discover Financial Services.
Mia holds CISSP and CISM certifications and bachelor’s degree from the College of Saint Benedict. As the proud mother of four sons, Mia leads an active lifestyle balancing her work responsibilities, learning new skills in mixed martial arts and enjoying time with her husband and children.
- Terry RaySVP, Strategy and Imperva Fellow, Imperva
Terry Ray is the SVP and Imperva Fellow for Imperva Inc. As a technology fellow, Terry supports all of Imperva’s business functions with his years of industry experience and expertise. Previously he served as Chief Technology Officer where he was responsible for developing and articulating the company’s technical vision and strategy, as well as, maintaining a deep knowledge of the Application and Data Security Solution and Threats Landscape.
Earlier in his tenure at Imperva, he held the role of Chief Product Strategist where he consulted directly with Imperva’s strategic global customers on industry best practices, threat landscape, application and data security implementation and industry regulations. He continues to operate as an executive sponsor to strategic customers who benefit from having a bridge between both company’s executive teams. He was the first U.S.-based employee, and during his 15 years at Imperva, he has worked hundreds of data security projects to meet the security requirements of customers and regulators from every industry.
Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, IANS, CDM, NLIT, The American Petroleum Institute, and other professional security and audit organizations in the Americas and abroad. Terry also provides expert commentary to the media and has been quoted in Security Week, SC Magazine, CBS News, the BBC, and others.
- Meera RaoSr. Director, Product Management, Synopsys
Ms. Meera Rao is a Senior Director of Product Management, focusing on DevOps solutions at Synopsys, Inc. Ms. Meera has over 20 years of experience in software development organizations in a variety of roles including Architect, Lead Developer, and Project Manager, and Security Architect. Ms. Meera has been working as a trusted adviser to Fortune 500 companies, helping them achieve realistic goals for practical CI/CD & DevSecOps. She advises organizations in defining, implementing, maturing, scaling and measuring DevSecOps. Ms. Meera is very passionate about getting more women working in the technology industry. Ms. Meera participates, presents, and speaks at several conferences, spreading her knowledge of security and the importance of women in the technology workforce. Meera was awarded the SecDevOps Trailblazer award from SecuritySerious in London in 2018. Meera was a finalist in the Computing Women in IT Excellence Awards 2019 for Role Model of the Year.
- C. Michael TracyDirector, Sales Engineering, SpyCloud
An experienced security architect, specializing in Identity Governance, Access Management, and Multi-Factor Authentication, C. Michael Tracy has over 20 years of diverse technology experience with roles at Microsoft, Wells Fargo Bank, HID Global, and DigitalPersona. At SpyCloud, C. Michael helps clients safeguard the identities of their employees, consumers, and suppliers.
- Christopher RencePresident, Rimage Corporation; CSRO, Equus Holdings
Christopher is President and CEO of Rimage Corporation. He has more than 25 years of experience leading global security and technology transformation for Accenture, FICO, Digital River, and EQ Holdings, with deep expertise in governance and compliance, business continuity and disaster recovery, cloud architecture computing, and sustainability. GDPR, DPO, CIPPE, CRISC, CISO, MBCP
- Tommy ToddVice President of Security, Code42
Tommy Todd is Vice President of Security at Code42 with over 20 years of cybersecurity experience, primarily focused on data privacy and data protection strategies. Prior to Code42, Tommy served in security roles at Symantec, Ionic Security, and Optiv, as well as many other firms. Throughout his career, he has acted as a leader, mentor, engineer, architect, and consultant to solve difficult data protection challenges. Tommy is passionate about data—both consumer and commercial—and strives to improve the security posture in organizations he works with.
- Alex KirkGlobal Principal Engineer, Corelight
Alex Kirk is an open source security veteran, with a combined 17 years at Sourcefire, Cisco, Tenable, and now Corelight, where he serves as Global Principal for Suricata. Formerly a malware zookeeper and IDS signature writer, today he spends his time helping SOC analysts and advising on security policy for government agencies, universities, and large corporations around the world.
- Chris ChristensenSr. Business Consultant, Cybersecurity, Honeywell Building Solutions
Chris Christensen is the Cybersecurity Business Consultant for Honeywell Building Solutions (Americas) and specializes in securing Operational Technology (OT) and Industrial Control Systems (ICS) Chris passionately believes that cybersecurity is everyone's shared responsibility and through awareness, education, accountability and positive reinforcement, everyone in an organization can work together to create a safer workplace and more secure society at large. Prior to joining Honeywell Chris worked in several high profile functions managing special projects in the State of Michigan where he served on the Homeland Security Advisory Council and the Homeland Security Preparedness Committee. He was responsible for crafting the first Cyber Disruption Response Plan for the State of Michigan which is still in use today. Chris is on the board of the Michigan InfraGard, he has Bachelor’s Degree from the University of Utah and a Juris Doctorate from Thomas M. Cooley Law School.
- Nathan WenzlerChief Security Strategist, Tenable, Inc.
Nathan Wenzler is the Chief Security Strategist at Tenable, the Cyber Exposure company. Nathan has over two decades of experience designing, implementing, and managing both technical and non-technical security solutions for IT and information security organizations. He has helped government agencies and Fortune 1000 companies alike build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security program.
Nathan brings his expertise in vulnerability management and Cyber Exposure to executives and security professionals around the globe in order to help them mature their security strategy, understand their cyber risk, and measurably improve their overall security posture.
- Helen PattonAdvisory CISO, Cisco; Former CISO, The Ohio State University
With more years working in the Security, Risk, Privacy and Resiliency professions than she cares to say, Helen Patton advocates using information risk, security and privacy to enable the mission of organizations and to support society at large.
Helen is an Advisory CISO at Duo Security (now CISCO), where she shares security strategies with the security community. Previously, she was the CISO at The Ohio State University where she was awarded the ISE North American Academic/Public Sector Executive of the Year, and an Executive Director at JPMorgan Chase.
Helen actively encourages collaboration across and within industries, to enable better information security and privacy practices. She believes in improving diversity and inclusion in the workforce, and mentors people interested in pursuing careers in security, privacy and risk management.
Helen has a Master’s degree in Public Policy and has earned Certified Information Systems Auditor and Certified In Risk and Systems Control certifications from ISACA. She serves on the State of Ohio Cybersecurity Advisory Board and is a founding board member of the National Technology Security Coalition.
- Axel PetersExecutive Sales Manager, baramundi Software USA Inc.
Axel holds his degree in IT Management and has advised more than 300 small businesses and global enterprises in Europe and the U.S. on tools and strategies to keep technology infrastructure up-to-date, safe, and efficient. Now continuing that role at the baramundi U.S. headquarters in Framingham, MA, Axel is actively helping IT departments address today's practical and cost challenges in endpoint management.
- Mariana PereiraDirector, Email Security Products, Darktrace
Mariana is the Director of Email Security Products at Darktrace, with a primary focus on the capabilities of AI cyber defenses against email-borne attacks. Mariana works closely with the development, analyst, and marketing teams to advise technical and non-technical audiences on how best to augment cyber resilience within the email domain, and how to implement AI technology as a means of defense. She speaks regularly at international events, with a specialty in presenting on sophisticated, AI-powered email attacks. She holds an MBA from the University of Chicago, and speaks several languages including French, Italian, and Portuguese.
- Tina HauriFormer CISO, City of Chicago; President, Bradford Garrett Group
Tina is President of the Bradford Garrett Group. Her prior roles include CISO for the City of Chicago, Global CISO for AON, CIO for Kudoz.com, Director of Enterprise Risk Management for Discover Financial Services, and Global IT Security Program Manager for Perot Systems at Swiss Bank. As co-founder of the Chicago CISO Networking group, President Emeritus of the Chicago chapter of the ISSA, former Executive Board Member of AITP, and co-founder of the Chicago CISO of the Year Award program, she continuously works to elevate the position of, respect for, and viability of the role of the CISO. As a mentor, she works with others to achieve their objectives.
Tina is Adjunct Professor of IT Risk Management and a member of the Industry Advisory Board of the Master of Science in IT at the McCormick School of Engineering at Northwestern University. She holds an MBA from the Quinlan School of Business at Loyola University of Chicago, and a Bachelor's degree from Northwestern University. She has completed ongoing professional educational programs in Executive Financial and Strategic Leadership at Boston University, with the American Bankers Association, and Executive Education coursework at Northwestern University Kellogg School of Management. She is a also graduate of the Society of Information Management (SIM) Mid-Atlantic Regional Learning Forum.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes