Conference Agenda
  • Wednesday, May 31, 2017
    7:00 am
    Registration open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Founder & CEO, BlackCloak
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 119

    This session is for Advisory Council Members only.

    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    President, CISSP, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part I – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld PLUS session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Manager, Cyber and Information Security, Point32Health
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    Digital Analytics and Privacy: Recent Events and Trends
    Partner, Alston & Bird LLP
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    Innovation in data analytics technologies continues at an extraordinary pace. Privacy professionals must both apply existing legal concepts and track new regulations in analyzing these emerging technologies. This session will discuss the privacy regulatory environment for data analytics and will focus on recent developments and trends.

    8:30 am
    SentinelOne: The Next Generation of Endpoint Solutions
    Sr. Director of Security Solutions, SentinelOne
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: 113

    We will cover why the endpoint is at the center of almost every breach today and why that fact will not change. We will also discuss the current state of endpoint defense and why the traditional approach of prevention is sinking faster than the Titanic. In addition, we will touch on various approaches and categories of “Next-Generation” endpoint defense. In the end, you should be armed with the information you need to move forward with the right “Next-Generation” endpoint solution that will fit your need to combat the latest 0-days and APTs.

    8:30 am
    Ransomware Response – Rejecting the Threat
    Executive Consultant, CGI
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    Ransomware is among the hottest topics in the list of cybersecurity concerns for 2017. Chasing after ransomware components requires constant attention and often yields results that are inconclusive or too late. This session will focus on the protection from the harm threatened by a ransomware attack.

    8:30 am
    Paving the Way to AppSec Program Success
    How to build a scalable enterprise-wide application security program.
    Sr. Application Security Architect, Metro Atlanta Chapter of ISSA
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    This presentation offers a fundamental approach to creating a foundation for an application security program that holistically addresses findings by creating a conduit between the information security teams, who often discover the issues, and the development teams, who know the application better than anyone and can remediate issues in the best possible fashion.

    9:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    LUNCH KEYNOTE: Cybersecurity 2.0 - Controls, Governance, and Business Reimagined
    Founder & CEO, BlackCloak
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Our backs are up against a wall of never-ending breaches, blame, and ineffective controls. Hear from not only a thought leader, but someone with operational experience as a CISO, General Counsel, and Chief Privacy Officer today, as we discuss new controls, how to lead and govern alongside the Board, and how to enable business through better cybersecurity.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    ACP Chapter Meeting and Presentation - Open to all Attendees
    Registration Level: Open Sessions
    10:15 am - 12:00 pm
    Location / Room: Ballroom D

    Interested in your local associations? Join ACP for their chapter meeting and presentation.
    Presentation Details Coming Soon

     

    11:15 am
    Surviving the Siege: Medieval Lessons in Modern Security
    Discover the 2017 SecureWorld Theme
    President, CISSP, O'Leary Management Education
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 115

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    11:15 am
    Wombat Security: State of the Phish: Understanding End User Behaviors Towards Phishing
    Chief Architect, Wombat Security, a division of Proofpoint
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 117

    Hear direct feedback from infosec professionals on the latest phishing exploits and vulnerabilities in their organizations and how they are protecting themselves, and learn about the most devastating types of phishing emails used and how to prevent them.

    11:15 am
    Cisco: The Way We Work Has Changed. Has Your Security?
    SE Manager, Cloud Security, Cisco
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 113

    By 2018, Gartner estimates that 25% of corporate data traffic will bypass the perimeter. As organisations evolve their IT stack, traditional security approaches/architectures need to be reconsidered. This interactive session will review some of the new risks introduced by SaaS/IaaS adoption and show how to effectively mitigate these risks using new approaches to security architecture. Presenters will review best practices around the transition of a security architecture itself to the cloud, utilizing customer case studies.

    11:15 am
    ACM/IEEE/AIS/IFIP Joint Task Force on Cybersecurity Education Update
    Gain an understanding of planned cybersecurity curriculum efforts by industry groups.
    Associate Professor, Kennesaw State University
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 112

    The CSEC2017 Joint Task Force on Cybersecurity Education is developing curricular guidance for undergraduate degree programs in cybersecurity. This overview of the JTF with a review of the work thus far will share plans for next steps. Your opportunity for engagement will be explained, and time for Q&A will conclude the talk.

    11:15 am
    Finding Your Own Vulnerabilities (Before Attackers & Auditors Do)
    Fellow and Director of Cybersecurity, Fluor
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    Organizations can often struggle to identify and address vulnerabilities in their environment, whether on network devices, servers, workstations, IoT devices, or other hosts. This presentation covers a number of “quick wins” in vulnerability management for the wide range of devices seen on corporate and home networks today.

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    CEO & Co-Founder, TruSTAR Technology
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119
    12:15 pm
    LUNCH KEYNOTE: Defending the Nation in Cyber Space
    Former Director of Operations at U.S. Cyber Command
    Major General, U.S. Air Force (Retired)
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    The Russians hacked the election, the Chinese are stealing our trade secrets, the Iranians and North Koreans see cyber as the ultimate asymmetric attack vector against the United States. Every day, the country’s critical infrastructure is under attack: financial services, the electric grid, oil and gas, telecommunications, transportation. As the former Director of Operations at U.S. Cyber Command, Maj Gen (Ret) Brett Williams is one of the few speakers available who can talk with the credibility that comes from being on the front lines of defending the Nation in cyberspace. General Williams’ unique combination of both military and private sector experience provides a clear understanding of the nation-state cyber threat and how it could impact business interests in every sector.

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity, it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization, as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not-too-distant future.
    Panelists:
    RJ Sudlow, DHG
    Mike Van Doren, Sonatype
    Jerrod Piker, Check Point Security
    Matthew Farr, Varonis
    Kevin Clark, Sayers
    Moderator: Jow DiBiase, Interface

    1:15 pm
    Panel: Extortion as-a-Service? Ransomware and Beyond
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C
    1:15 pm
    Sumo Logic: Advanced Security Analytics – Detect, Respond, Comply
    Director of Product Marketing, Security & Compliance, Sumo Logic
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 117

    Advanced security analytics reduces noise and operational intelligence to help security professionals address the tsunami of data of today’s modern applications.

    2:15 pm
    (ISC)2 Chapter Meeting
    Open to All Attendees
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Ballroom D

    Join (ISC)2 for a meet and greet. This session is intended for members and non-members.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    How to Up-Level Your Skills to Enhance Your Career
    vCISO, Confidential
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 113

    Up-Level Your Hard and Soft Skills to Turbo-Charge Your Career

    3:00 pm
    Improving Your Security Awareness Campaign With Analytics
    Sr. Director, Business Security Office, Automatic Data Processing
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Ballroom C

    Managing a security awareness program in a large organization requires careful application of time, resources and money. This session will focus on metrics and analytics used in real-world security awareness campaigns.

    3:00 pm
    Meet Your FISMA Requirements: Cybersecurity Calendar, Risk Management Framework & NIST Security Controls
    Senior Agency Information Security Officer, SAISO, GA Department of Juvenile Justice
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115

    How does the FISMA Act affect contractors and state & local government doing business with the federal government? Building the Cybersecurity calendar to track compliance requirements and understanding NIST’s Risk Management Framework, including security controls.

    3:00 pm
    CloudPassage: Figuring Out Security and Compliance in the Agile Age
    Cloud Security Architect, CloudPassage
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 112

    Today’s enterprise business leaders demand speed and flexibility in technology delivery. Application development has been decentralized in most enterprises, now scattered across dozens or more independent technology teams. Adoption of cloud infrastructure, agile application development, containerization, devops, on-demand technology delivery, and other agility-oriented technologies enable this trend. While a plus for business units, security and compliance functions are often disrupted dramatically by never-before-seen levels of distribution, speed, and autonomy in application development and delivery. In this session, Jason Lancaster from CloudPassage will discuss trends, challenges, and strategic foundations for evolving security to harmonize with this now-unstoppable evolution in IT delivery.

    3:00 pm
    Information Security at the White House in the 1990s
    Good security practices have not changed over time.
    CIO, Georgia State Defense Force, Former CIO, The White House
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 117

    I was the CIO/CISO equivalent for President Clinton at the White House and had to deal with pre-Y2K Information Security and Information Technology. Security and Technology sure has changed over the last twenty years, or has it? I would argue that good Information Security practices are still the same and really have not changed over the last twenty years. Why is that? What lessons can we learn by looking back at ourselves twenty years ago?

    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    President, CISSP, O'Leary Management Education
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    3:00 pm
    SecureWorld PLUS Part II – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 101

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld PLUS session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 110

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
  • Thursday, June 1, 2017
    7:00 am
    Registration open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    President, CISSP, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part III – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful tool kits are covered.

    8:30 am
    Data Breach Digest – Perspective is Reality
    Digital Forensics Investigator, Verizon RISK Team
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 113

    Data breaches are complex affairs. Response activities are proportionately complex, involving various stakeholders with slightly different perspectives. This presentation covers the 2017 “Data Breach Digest – Perspective is Reality,” a compendium of data breach scenarios told from different stakeholder points of view, covering their decisions, actions and crucial lessons learned.

    8:30 am
    Security Roadmap for Next Generation of Payments
    Chief Technology Officer, PCI Security Standards Council
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    As new cyber threats emerge, and advances in technology change the way we conduct payments and secure them, we must develop security strategies to protect sensitive data, improve how we authenticate, and simplify PCI compliance where possible. Please join us to discuss how payment security is evolving to prevent the capture of account information for fraudulent purposes and to learn what the PCI Council is doing in 2017 to facilitate the next generation of payment security.

    8:30 am
    IoT Cybersecurity: Evolution, Risks and Executive Responsibilities
    Principal, Advisory Services, Ernst & Young LLP
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    The focus of this talk is the connected product ecosystem (IoT) and the blurring of traditional boundaries that requires a “true” end to end security strategy. Topics will include evolution of IoT products, impact on companies who use IoT devices, supply chain risks, and management and board responsibilities.

    8:30 am
    InfraGard Atlanta Quarterly Meeting: Do You Need an Insider Threat Mitigation Program?
    Open to All Attendees
    Strategic Partnership Coordinator, FBI
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    There is an ongoing and concerted effort to steal the trade secrets of U.S. businesses. Such trade secrets include proprietary technology, product prototypes, R&D, merger & acquisition plans, market expansion plans, customer lists & pricing, and so much more. This poses not only a threat to the reputation and viability of a targeted business, but to U.S. economic security. Though our companies tend to invest heavily in security to “keep the bad guys out,” do you adequately invest in the effort to detect and disrupt threats posed by those already inside your company? This PPT presentation will provide an analysis of Insider Threat cases, stress the need for an Insider Threat Mitigation Program, and highlight the components of a successful Mitigation Program.

    Intended Audience: Personnel positioned to effect change within the organization regarding the protection of trade secrets.

    9:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Intelligence and Cybersecurity: Toward a More Effective Public / Private Partnership
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Col. Cedric Leighton’s keynote presentation will cover the following:

    – Overview of the Cyber Threat based on publicly available intelligence
    – Why current Intelligence Community structure needs to be re-vamped for the Cyber Age
    – How intelligence agencies should be working with private companies
    – It’s about new legislation AND changing mindsets and cultures
    – The new relationship between the US Intelligence Community and US companies in the Cyber Age – a vision for the future

    10:15 am
    ISSA Meeting & Presentation: The Challenges of Managing an MSSP SOC With Some Wins as Well
    Open to All Attendees - Coffee & Soda Provided
    Security Analysis Manager II, Cyber Threat Analysis Center (CTAC) at SecureWorks
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Ballroom D

    Are you thinking of building out an internal SOC for your company or purchasing the services of an MSSP? I will be discussing the challenges I have seen over the past two years of managing security analysts along with some “WINS”. What are the current trends in hiring security analysts? How do you balance training for new hires and current employees? How do you ingest events / logs from the different systems and incorporate a workflow process? Clients are very important in an MSSP environment, so how do you keep the client happy yet still maintain a functioning workflow? One of the most rewarding “WINS”, personally, is watching employees grow professionally and develop into security experts. Another few examples of “WINS” can include the threat intel lifecycle driven by clients and the ability to access large data sets to conduct security research.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 113

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    You’ve Issued the Risk Letter-Now What?
    Cybersecurity Director, Gannett Fleming
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 112

    The principal reason for managing risk in an organization is to protect the mission and assets of the organization. In this interactive session, we will explore ways to deal with the business when they refuse to mitigate the risks and/or accept them.

    11:15 am
    The Wake Up Call – Proven Principles to Counter Active Shooters and Terrorist Attacks
    President, DRACO GROUP
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    Violence and terrorism are on the rise worldwide. There is no place on Earth where an Active Shooter is stopped faster than in Israel. This is due to the implementation of simple principles which can be utilized here too, to prevent and stop highly violent events.

    11:15 am
    Security Risks and Mitigation Strategies
    Information Security Instructor/Consultant, Gwinnett Technical College
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 117

    How does a cybersecurity leader communicate to non-cybersecurity experts the value of a program and all the expense that goes along with implementing information security activities? This session will help explore how an organization can overcome these challenges using knowledge and experiences as a basis for guided action.

    11:15 am
    Trend Micro: Anatomy of a Ransomware Attack and Why It Matters
    Chief Cybersecurity Officer, Trend Micro
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 115

    Cyber criminals can hijack your business by encrypting your data and holding your systems hostage until you pay up. Hackers use ransomware like CryptoLocker and CryptoWall to target a wide range of organizations like yours, demanding thousands of dollars. Find out how you can protect your business from ransomware security threats. Join Ed Cabrera, Chief Cybersecurity Officer at Trend Micro, as he outlines the latest criminal underground threats and best practices to protect your data and systems.

    12:00 pm
    Advisory Council LUNCH Roundtable - (VIP / Invite ONLY)
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119

    12:15 pm
    LUNCH KEYNOTE: Cisco - Threat Evolution: Effective Defense Against Increasingly Innovative Attackers
    Technical Leader, Cisco Talos
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    People responsible for defending networks realize that the security threat landscape is constantly changing. Understanding how threats evolve is critical to building better defenses. In this presentation, we will discuss threats Talos has recently identified and illuminate some of the latest attacker.

    1:15 pm
    Panel: Knowledge is Power (Encryption)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Encryption: the translation of data into a secret code. Very much like the codes that Elizebeth Friedman had cracked against the rum runners and bootleggers during the Prohibition days. Our heroine was able to smash their codes and determine when the next shipments were scheduled to arrive stateside. Knowledge truly was power as Friedman was able to effectively predict the future through her diligent code breaking. The level of sophistication may have changed but the point of encryption was and still is to safeguard the data from those that are not part of the group. Our experts will discuss the importance of using encryption to keep our information secure as well as address some of the best practices and pitfalls to watch out for.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Yasser Fuentes, Bitdefender
    Jay Miller, Red Seal
    Brandon Meyer, enSilo
    Moderator: Larry Wilson

    1:15 pm
    ASDFED Meeting and Presentation: Fairy Tales to Facts: Digital Forensics Quest for the Truth
    Open to All Attendees
    Cybersecurity & Privacy Professional
    Registration Level: Open Sessions
    1:15 pm - 2:30 pm
    Location / Room: Ballroom D

    Fairy tales can teach us much about how the world works. The stories of our youth act as guiding principles for professionals within the Data Protection & Privacy realm. Modern “Happily Ever Afters” are the goal of Digital Forensics and eDiscovery professionals as we quest for truth and not tales. Finding information contained within the 1s and 0s of a drive or network share is our ultimate objective. This presentation leads you off the yellow brick road and onto the journey where the Facts live.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level: Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Newton’s Laws of Privacy and Security
    Cybersecurity & Privacy Professional
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 113

    Does Data follow the same laws as Newtonian Physics? This presentation will be a discussion of how the motion of thought and data follows the physical laws, and how this affects business. If you’ve ever experienced a Third-Gravitating Body, this is for you.

    3:00 pm
    Culture Is What People Do When No One Is Looking - Corporate Culture and Its Impact on Security
    Culture Eats Security Issues for Breakfast
    Founder & CEO, American Club, U.S. Chamber of Commerce
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Ballroom C

    3:00 pm
    Anatomy of a Cyber-Heist: Examples of Advanced Cyber Risks
    Managing Director, UHY Consulting
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115

    One click is all it takes. Bring your A-game! This presentation will take you through how cyber crooks are getting away with some big pay days. We will explore techniques in use demonstrating an increasingly high level of sophistication, patience, and planning, so you can better plan your defenses.

    3:00 pm
    Business Resiliency in a Cyber World
    Effectively Apply Incident Management Techniques
    Director, Business Resiliency, Automatic Data Processing
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 117

    Managing cyber incidents can prove difficult at best. When technology is unavailable, do traditional business resiliency techniques apply, or has this school of thought of having plans available become outdated?

Exhibitors
  • ACP Atlanta
    Booth: 220

    The Atlanta Chapter was formed in August of 2006. It includes Continuity Professionals from all areas of the Business Community and the Public Sector. As ACP’s local presence in the Atlanta metro region, our chapter embraces and seeks to promote the mission and goals of the parent organization. Being a member of the Atlanta Chapter of ACP brings many benefits:
    • The opportunity to network with experienced individuals who often have addressed some of the same challenges you face in your organization.
    • The opportunity to hear real examples of solutions that have been implemented in other organizations.
    • The opportunity to network for career opportunities.

  • ARMA Boston
    Booth: TBD

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • Avecto
    Booth: 310

    Avecto is a leader in Privilege Elevation and Delegation Management. Since 2008, the company has enabled over 8 million users to successfully work without admin rights, enabling many of the world’s biggest brands to achieve the balance between overlocked and underlocked environments.

    Avecto’s Defendpoint software has been deployed in the most highly regulated industries, enabling organizations to achieve compliance, gain operational efficiency and stop internal and external attacks.

    Defendpoint combines privilege management and application control technology in a single lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business – across Windows and Mac desktops and even in the data center.

    Actionable intelligence is provided by Defendpoint Insights, an enterprise class reporting solution with endpoint analysis, dashboards and trend data for auditing and compliance.

  • Binary Defense
    Booth: 210

    Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.

  • Centrinet
    Booth: 310

    Centrinet is the leading solutions advisor of emerging technologies. We are IT subject matter experts who also speak business. We take the time to learn your company inside and out, aligning your needs and goals to prescribe an IT solution that best supports your company’s initiatives. Our success comes from yours.

    Centrinet provides a full range of solutions and professional services, all designed to enable your IT department to increase productivity, decrease expenses, improve efficiency and simplify your technology needs. In short, we help you do more with less.

  • Check Point Software Technologies
    Booth: 200

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cisco
    Booth: 330

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • CloudPassage
    Booth: 320

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • CyberRisk Solutions
    Booth: 310

    Knowing that Cyber Security is about so much more than just technology, CyberRisk Solutions focuses specifically on People, Processes, and Facilities and how that integrates with Technology to create a truly secure environment.

    CyberRisk Solutions provides Enterprise Risk Management strategic consulting, project outsourcing, staffing and managed solutions to reduce the risk of cyber loss and increase operational efficiency for the SMB market across financial services, healthcare, energy and other verticals.

  • CyberTrend
    Booth: n/a

    CyberTrend is a monthly business technology magazine for C-level executives, business owners, and affluent entrepreneurs. CyberTrend covers a broad range of technologies, companies, and solutions. Topics include mobility, security, data analytics, networking, communications, energy efficiency, and storage, among many others. Any technology that helps businesses become more efficient, improve ROI, and stay ahead of the competition is a fit for CyberTrend. CyberTrend helps readers understand the technologies that impact their organizations and make educated decisions when investing in new solutions.

  • EC-Council
    Booth: 334

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • InfraGard
    Booth: 236

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • IronNet
    Booth: 332

    IronNet is a Cybersecurity / Behavior Analytics Product and Cyber Services company started by former NSA Director Keith Alexander (retired 4-star General). IronDefense, our behavior analytics system, brings real-time visibility and cutting edge analytics to customer networks to discover the most elusive threats, then ranks them by risk through an expert system to amplify analyst capabilities.

  • ISACA
    Booth: 214

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2
    Booth: 235

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISSA Metro Atlanta Chapter
    Booth: 226

    The ISSA Metro Atlanta chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: 308

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Juniper
    Booth: 304

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • LogRhythm
    Booth: 208

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Mission Critical
    Booth: 200

    Mission Critical Systems is an information technology security reseller and integrator focused only on security solutions. We have been providing top quality security products and consulting services throughout the Southeast United States and Caribbean since 1997.

    Our mission is to provide best-in-breed data and network security products and expert services that will reduce our client’s exposure to information theft and destruction. We advocate a comprehensive approach to information security—evaluating all aspects of an organization’s vulnerabilities from internal compromises to external threat. We can provide your organization with the tools, controls and training to secure your infrastructure. Our sales and engineering professionals will work with you to design and implement strategies to address your complex information security challenges.

    Mission Critical Systems is a Woman Owned Business and Equal Opportunity Employer.

  • MobileIron
    Booth: 326

    MobileIron stands out from other MDM vendors by providing expanded EMM capabilities to IT organizations that need to secure mobile devices, applications and content. The MobileIron Enterprise Mobility Management (EMM) solution is a mobile security platform that secures data-at-rest on mobile devices, in applications, and in cloud storage, as well as data-in-motion as it moves between corporate networks, devices, and storage repositories.

    MobileIron’s mission is to enable modern enterprises to secure and manage information as it moves to mobile and to the cloud, while preserving end-user privacy and trust. With MobileIron, IT teams can achieve more than just their mobile device management objectives – they can secure corporate information wherever it lives while preserving the sanctity of employee privacy. MobileIron achievements include:

  • OneLogin
    Booth: 306

    OneLogin manages and secures millions of identities around the globe by bringing speed and integrity to the modern enterprise with an award-winning Identity & Access Management (IAM) solution. Our Trusted Experience Platform secures connections across users, devices, and applications, helping enterprises drive new levels of business integrity, operational velocity, and team efficiency across all their cloud and on-premise applications.

  • PhishLabs
    Booth: 333

    PhishLabs™ is the leading provider of 24/7 cybersecurity services that protect against threats that exploit people. The company is trusted by top organizations worldwide, including 4 of the 5 largest U.S. financial institutions. PhishLabs combines proprietary technology, intelligence, and human expertise to rapidly detect, analyze, and stop targeted cyberattacks before they impact organizations. Additionally, the company provides robust threat intelligence that strengthens existing cyber defenses and optimizes threat prevention. Leading organizations partner with PhishLabs to more effectively disrupt targeted cyberattacks, prevent data breaches, and reduce online fraud.

  • Radware
    Booth: 328

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • RSA a Dell Technologies Company
    Booth: 222

    RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.

  • Sayers
    Booth: 222

    At Sayers, we have more than 30 years of experience in providing personalized IT services and solutions. We bring an in-depth knowledge of the most innovative technologies which allows us to diagnose your problems, create a personalized plan, and implement the exact solutions to help your business overcome its most difficult IT challenges. Sayers' mission is to help clients solve their business challenges with innovative IT solutions. Our success is founded on building strong relationships with our clients and going above and beyond to help those clients succeed.

  • Secureworks
    Booth: 234

    Dell Secureworks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. Dell SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.

  • SentinelOne
    Booth: 314

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Silent Circle
    Booth: 300

    Silent Circle is a leader in enterprise privacy, delivered through a revolutionary mobile platform of devices, software, and services, starting with ZRTP to build a fundamentally different mobile architecture. For more information, please visit silentcircle.com.

  • Skybox Security
    Booth: 222

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Sumo Logic
    Booth: 232

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • TAG
    Booth: 218

    It’s a new world for tech, and the Technology Association of Georgia (TAG) has emerged as a world-class membership organization and an engine for economic development for the state of Georgia. TAG’s mission is to educate, promote, influence and unite Georgia’s technology community to foster an innovative and connected marketplace that stimulates and enhances Georgia’s tech-based economy.

    TAG TODAY:
    35,000+ Members
    2,000+ Member Companies
    200+ Events per year
    33 Societies

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Trend Micro
    Booth: 316

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • TrustedSec
    Booth: 308

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

  • Unisys
    Booth: 208

    Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in diverse markets. Unisys combines experienced security consulting, Stealth micro-segmentation security solutions and efficient managed security services to deliver dramatic improvement in security posture and operational efficiencies.
    Visit http://unisys.com/security for more information.

  • Veristor
    Booth: 340

    At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com

  • Wombat Security Technologies
    Booth: 338

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.

  • Ziften
    Booth: 206

    Ziften delivers all-the-time visibility and control for any asset, anywhere – client devices, servers, and cloud VMs – whether on-network or remote; connected or not. Our SysSecOps platform empowers enterprises, governments, and MSSPs to quickly repair endpoint issues, reduce their overall risk posture, speed threat response, and increase operations productivity.

Keynote Speakers
Speakers
  • Dr. Christopher Pierson
    Founder & CEO, BlackCloak

    Dr. Chris Pierson is the Founder & CEO of BlackCloak, a pioneer of personal digital protection for corporate executives, high-profile and high-net-worth individuals and their families. Chris has been on the front lines of cybersecurity, privacy protection, and fighting cybercrime in both the public and private sectors over 20 years. At the Department of Homeland Security, Chris served as a special government employee on their Cybersecurity and Privacy Committees. He’s also spent time as the Chief Privacy Officer for Royal Bank of Scotland, the world’s 3rd largest bank, as the Chief Information Security Officer for two prominent FinTechs, and as President of the Federal Bureau of Investigation’s Arizona InfraGard. Chris is also a Distinguished Fellow of the Ponemon Institute, a globally recognized keynote speaker & cybersecurity thought leader, and is frequently quoted by the media on cybersecurity & privacy topics.

  • John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • David Keating
    Partner, Alston & Bird LLP

    David Keating is one of the co-leaders of the Privacy and Security Practice at Alston & Bird. David’s practice is focused on advising clients on privacy and security issues arising along the entire data lifecycle. He assists clients with compliance strategies, policy development and implementation, data monetization and data use analyses, new product development, and privacy enforcement matters. Particular areas of focus include emerging technologies and European Union data protection, including GDPR readiness and remediation.

  • Nick Schilbe
    Sr. Director of Security Solutions, SentinelOne

    Avid video game player turned video game hacker turned professional hacker. Joined WhiteHat Security at a young age and quickly became the head of their Threat Research Center. While at WhiteHat, Nick performed penetration tests on thousands of websites while creating new attack techniques to evolve the WhiteHat Sentinel platform. In 2014, during one of the most profound years for enterprise breaches, Nick started focusing his research on malware and endpoint-related threats due to the massive increase in attacks in that space. This research led Nick to SentinelOne, where he became a core team member responsible for helping design and deploy a product to protect against the evolving threat landscape.

  • Michael Corby
    Executive Consultant, CGI

    Mr. Corby has more than 40 years in IT strategy, operations, development and security. He is the founder of (ISC)², Inc., the organization that established the CISSP security professional credential. A frequent SecureWorld speaker and author, he was CIO for a division of Ashland Oil and for Bain & Company.

  • Damien Suggs
    Sr. Application Security Architect, Metro Atlanta Chapter of ISSA

    Mr. Suggs is a leader in the IT Security area and is the current president of the Metro-Atlanta ISSA chapter. He served as president for seven years; however, during his eleven-year relationship with the Metro-Atlanta ISSA chapter he helped the chapter grow in roles such as Director of Membership, Director of Training, Conference Chair and Chapter Secretary. Mr. Suggs holds twenty IT security certifications including the CISSP, SANS GPEN, MSCE, CCNA, CCNA, and CCNE.

  • Kurt Wescoe
    Chief Architect, Wombat Security, a division of Proofpoint

    As Chief Architect at Wombat Security, Kurt is responsible for ensuring Wombat's software and systems are built on a sound foundation. He brings over 10 years of experience in engineering, across multiple industries. He also serves as a faculty member in the School of Computer Science’s master’s program in e-Business at Carnegie Mellon University. Kurt earned his M.Sc. in E-Commerce from CMU, and a B.S. in Computer Engineering from the University of Pittsburgh.

  • Mark Stanford
    SE Manager, Cloud Security, Cisco

    Mark Stanford is a 22-year vet of the security industry, running the gamut of positions: from crypto engineer to solutions architect to manager/director of SE’s. He’s had the opportunity to work with incredible teams and great technology with several companies, including F-Secure, Blue Coat, F5, FireEye, and currently Cisco Cloud Security. Exposure to these teams/tech has allowed him to experience a multitude of strategic initiatives and take part in security design/implementation in almost every sized company/vertical. Hobbies include malware analysis, threat analytics, threat hunting, security architecture, cycling, golf and family.

  • Herbert Mattord
    Associate Professor, Kennesaw State University

    Herbert Mattord, Ph.D., CISM, CISSP completed 26 years of IT industry experience before joining the faculty at Kennesaw State University in 2002. He was formerly with Georgia-Pacific Corporation. He is on the Faculty at Kennesaw State University with the rank of Associate Professor, teaching Information Security, Cybersecurity, and Information Systems.

  • Michael Holcomb, Moderator
    Fellow and Director of Cybersecurity, Fluor

    Michael Holcomb is the Fellow and Director of Information Security for Fluor, one of the world's largest construction, engineering, and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for vulnerability management, incident detection/response, penetration testing and industrial controls for the global organization. He also teaches cybersecurity as an adjunct instructor at Greenville Technical College and helps students, career transitioners, and others that are new to cybersecurity.

  • Paul Kurtz
    CEO & Co-Founder, TruSTAR Technology

    Paul Kurtz is an internationally recognized expert on cybersecurity and the current CEO of TruSTAR Technology. Paul began working cyber security issues on the National Security Council at the White House in the late 1990s. He served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush and advised President Obama on cybersecurity during his transition into office. During his service, Paul was Special Assistant to the President and Senior Director for Critical Infrastructure Protection on the White House’s Homeland Security Council (HSC). He joined the HSC from the National Security Council (NSC) where he was both Senior Director for National Security in the Office of Cyberspace Security and a member of the President’s Critical Infrastructure Protection Board. He served on the NSC as a Director of Counterterrorism from 1999-2001, and helped manage the response to the September 11 terrorist attacks.

    Since leaving government, Paul has held numerous private sector cybersecurity positions and is currently the Co-founder and CEO for TruSTAR Technology. Paul is a regularly sought-after speaker and expert for the media, and served as an on-air consultant for CBS News.

    Paul’s work in counterterrorism has long influenced his approach to cybersecurity. Specifically, it highlighted the need to improve information sharing and collaboration among those involved in detecting and responding to cyber threats. His remarks will be grounded in the past year’s most critical challenges and what we learned from our response to them, including the cyber attacks on the Ukraine power grid and the onslaught of cyber attacks targeting critical health care facilities.

  • Brett Williams
    Major General, U.S. Air Force (Retired)

    Major General (Ret) Brett Williams co-founded IronNet Cybersecurity and is the President of the Operations, Training and Security Division. Providing strategic vision and the foundational security platform solutions for IronNet, General Williams also serves as the Chief Security Officer responsible for product, enterprise and physical security. His division provides security analytics, hunt operations, and threat analysis and intelligence support for the IronNet Cyber Operations Center, as well as product training and support for client operations centers.

    A highly experienced combat fighter pilot, General Williams held several significant command positions during his 33-year career with the U.S. Air Force. As Director of Operations for U.S. Cyber Command, General Williams was the architect of DoD's operational approach to cyberspace operations. He was responsible for the operations and defense of DoD networks, and offensive cyberspace operations in support of U.S. strategic objectives. General Williams also served as Director of Operations (A30) at the Pentagon, leading more than 1,300 Airmen and civilians stationed worldwide; and as Director of Communications, Command and Control for U.S. Pacific Command.

    As an authority on cybersecurity, General Williams has appeared on NBC's Meet the Press with Chuck Todd, ABC's This Week with George Stephanopoulos and MSNBC's The Last Word with Lawrence O'Donnell. In addition, he conducts cyber-risk training seminars for corporate boards as a faculty member of the National Association of Corporate Directors. He earned a BS in Computer Science from Duke University and three additional graduate degrees in management and national security studies.

  • Mark Bloom
    Director of Product Marketing, Security & Compliance, Sumo Logic

    Mark Bloom has more than 15 years of experience in sales, marketing and business development across financial services and high tech industries. His previous roles include Cisco, Compuware, SonicWall/Dell, Trend Micro and more.

  • Cheri Sigmon
    vCISO, Confidential

    Leveraging 21 years of experience in leadership, information security and workforce development, as a Chief Information Security Officer (CISO), Office of the Secretary of Defense (OSD), Cheri secured sensitive military networks/communications/technology. The Joint Staff; USSTRATCOM Joint Task Force-Global Network Operations; Headquarters Air Combat Command; US Joint Forces Command. Retired US Air Force officer, Clemson University alum, native of York, SC.

  • Cameron Michelis
    Sr. Director, Business Security Office, Automatic Data Processing

    Cameron currently serves as Senior Director of the ADP Business Security Office and has over 20 years of experience in Information Security, Data Science and Incident Management. Cameron holds a BS in Mathematics from the University of Florida, multiple professional certifications and is a member of the SANS Institute GIAC Advisory Board.

  • David Missouri
    Senior Agency Information Security Officer, SAISO, GA Department of Juvenile Justice

    David Missouri is a former federal Information System Security Officer for the Department of Labor, Wage & Hour, currently a State of Georgia Senior Agency Information Security Officer. David is the Vice President of Governance for the ISACA Atlanta chapter. He holds a Master of Science in Information Systems degree.

  • Jason Lancaster
    Cloud Security Architect, CloudPassage

    Jason Lancaster is a Cloud Security Architect at CloudPassage where he helps customers implement security automation solutions in DevOps and Cloud environments. Jason has over eighteen years of experience working in information security. Previously he led a team of researchers with Hewlett Packard Enterprise Security Research publishing research on threat actors and their tactics, techniques, and procedures. Prior to this role at HP, he spent 10 years at TippingPoint focused on network security.

  • Mark Gelhardt
    CIO, Georgia State Defense Force, Former CIO, The White House

    At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Programs, and Third-Party Risk Programs.

  • speaker photo
    John DuMont
    Digital Forensics Investigator, Verizon RISK Team

    John DuMont is a Senior Investigative Response Consultant for the Verizon RISK Team. In this capacity, John responds to an array of cybersecurity incidents, performs forensic examinations, and assists organizations in implementing IR policies and procedures. Prior to Verizon, John worked as a defense contractor performing computer network defense.

  • speaker photo
    Troy Leach
    Chief Technology Officer, PCI Security Standards Council

    Troy Leach is the Chief Technology Officer for the PCI Security Standards Council. In his role, Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and holds advanced degrees from Syracuse University in network management and information security.

  • speaker photo
    M.J. Vaidya
    Principal, Advisory Services, Ernst & Young LLP

    M.J. Vaidya is a Partner/Principal in the Advisory Services practice of Ernst & Young (EY) LLP. He has over 20 years of experience including holding CISO positions at Fortune 10 and Fortune 200 companies. He also previously held leadership positions at PwC, Deloitte, and Accenture. M.J. has provided security and technology services in the Americas, Europe, and Asia. His industry experience includes financial services, life sciences & health care, manufacturing, entertainment & media, hospitality, and public sector.

    M.J. has been a speaker at multiple industry conferences including SecureWorld, the National Cybersecurity Awareness Launch, New York City Cyber Infrastructure Protection, ISACA, NG Security Summit, and ISSA. He was recently selected as an Aspen Institute Scholar and received the ATP Award for Enterprise Innovation. M.J. holds a Mechanical Engineering degree from New York University, MBA from St. John’s University, Harvard Business School Publishing Online Certification for Leadership, and retains multiple security / technology certifications. He is currently an adjunct professor at New York University where he teaches in the cyber security Master's degree program.

    In his role, M.J. advises clients on business driven cyber security including security strategy, board level education, IT risk management, security function transformation, governance, cloud security, IoT / connected product security, and security operations.

  • speaker photo
    Matteo Valles
    Strategic Partnership Coordinator, FBI

    Matteo Valles has been a Special Agent with the FBI for 30 years. His offices of assignment have included Anchorage, AK; Boston, MA; Washington D.C.; Gulfport, MS; Vienna, Austria; Nairobi, Kenya; and now Atlanta, GA.
    While based in Nairobi, Kenya for 3 years, SA Valles was in charge of all FBI operations in East Africa, to include Somalia, Kenya, Rwanda, and other countries.
    In addition to his day-to-day investigative and managerial responsibilities, he is a certified Hostage Negotiator, former SWAT Team member, and has been teaching Interview & Interrogation techniques for 25+ years.
    He is currently the Strategic Partnership Coordinator for the FBI, responsible for outreach efforts with private companies throughout Georgia. His extensive and diverse experiences with the FBI around the world have positioned him to increase awareness within the private sector on matters such as Espionage, Theft of Trade Secrets, Foreign Intelligence Recruitment Efforts, the Insider Threat, Counter Proliferation, and the Active Shooter.
    Prior to joining the FBI, he earned a CPA license and worked at a Big-Four public accounting firm. He has 4 children, 3 of whom are currently attending Universities in Georgia.

  • speaker photo
    Col. Cedric Leighton
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC

    Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.

  • speaker photo
    Joshua Horne
    Security Analysis Manager II, Cyber Threat Analysis Center (CTAC) at SecureWorks
  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Tamika Bass
    Cybersecurity Director, Gannett Fleming

    Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker and college professor, and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA, CRISC, HCISPP, CBCP.

  • speaker photo
    Ariel Siegelman
    President, DRACO GROUP

    Ariel Siegelman is certified by GA POST as a firearms and Defensive Tactics instructor and by the Israeli government as an instructor of Counter Terrorism, Tactical Firearms, and Krav Maga. He operated in a Special Operations Unit in the Israeli military and is regarded as an international expert in the mitigation of and response to violent confrontation, especially Active Shooter.

  • speaker photo
    Meenaxi Dave
    Information Security Instructor/Consultant, Gwinnett Technical College

    Meenaxi Dave is an experienced Information Security educator with proven success developing, delivering and evaluating IT security training programs. She holds her Master's in Computer Science from the University of Memphis and a Diploma in Cybersecurity from GTC. She also holds professional certifications in CISSP, CEH, CompTIA Security+, Network+, and Linux+. She is on the board for the TAG and the ISSA.

  • speaker photo
    Ed Cabrera
    Chief Cybersecurity Officer, Trend Micro

    Eduardo E. Cabrera is a trusted advisor and a proven cybersecurity leader. He is responsible for analyzing emerging cybersecurity threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Before joining Trend Micro, he was a 20-year veteran of the United States Secret Service with experience leading information security, cyber investigative, and protective programs in support of the Secret Service integrated mission of protecting the nation’s critical infrastructure and its leaders.

    He is a guest lecturer at New York University Polytechnic Institute, Computer Science and Engineering Department and was a contributing subject matter expert on law enforcement; cyber security strategy and policy; and computer forensics and network intrusion incident response for the 2014 Risk and Responsibility in a Hyperconnected World; 2012 Homeland Security Advisory Council Task Force on Cyber Skills Report; and 2012 Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

  • speaker photo
    Jaeson Schultz
    Technical Leader, Cisco Talos

    Jaeson Schultz is a Technical Leader for Cisco Talos Security Intelligence & Research Group. Cisco's Talos Group is dedicated to advancing the state-of-the-art of threat defense and enhancing the value of Cisco's security products. Jaeson has over 20 years’ experience in Information Security.

  • speaker photo
    Phillip Mahan
    Cybersecurity & Privacy Professional

    Phillip loves to tell stories and has decades of experience in Security, Privacy, and Technology to use for tales. With enough letters to fill a full serving of alphabet soup (although mostly C’s, I’s, P's, and S’s), he walks through data protection and privacy with an eye to making the world a better place for data to live.

  • speaker photo
    John Waid
    Founder & CEO, American Club, U.S. Chamber of Commerce

    John Waid is the Founder & CEO of C3-Corporate Culture Consulting. C3 believes that in companies it's all about people and how they behave. Culture is the driving force behind this. Security is a systemic issue and needs an approach that focuses on people's daily behaviors to solve this.

  • speaker photo
    David Barton
    Managing Director, UHY Consulting

    David Barton is a Managing Director with UHY Consulting and practice leader of the Technology, Risk, and Compliance practice, which provides cybersecurity consulting and compliance services focused around information technology. He has over 30 years of practical experience in information systems and technology risk and controls.
    David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution.
    David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

  • speaker photo
    Kim Jackson
    Director, Business Resiliency, Automatic Data Processing

    Kim Jackson is a certified business resiliency professional with over 20 years of experience in incident management, disaster recovery, and business continuity, with a specialization in program development. Kim has successfully created programs for several major banking entities, as well as large insurance and financial firms, to ensure the viability of the organization during an event. Kim currently is the Director of Business Resiliency with ADP, where she continues to drive overall resiliency and incident management for the organization. Kim holds a Bachelor of Arts and an MBA in Economics, and is an avid runner.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes