- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Tuesday, May 23, 20239:00 am[PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK FrameworkSr. Cybersecurity Consultant, Wilson CyberRegistration Level:
- SecureWorld Plus
9:00 am - 3:00 pmLocation / Room: 119Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data. You can unknowingly download Ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware.
Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate Ransomware campaigns has declined, but losses from Ransomware attacks have increased significantly, according to complaints received by FBI case information. Although state and local governments have been particularly visible targets for Ransomware attacks, threat actors have also targeted health care organizations, industrial companies, and the transportation sector.
This course helps organizations design, build, update, maintain a comprehensive Ransomware Program.
Course Outline:
Part 1: Ransomware Overview – The Current Threat Landscape
- What is ransomware and how does it work?
- How ransomware attacks have changed—from 2016 to today
- Today’s ransomware attacks: big game hunting
- Ransomware attacks against critical infrastructure
- Ransomware and cyber insurance
Part 2: Ransomware Attacks and the MITRE ATT&CK Framework
- Discuss ransomware attack stages (initial access, lateral movement, privilege escalation…)
- Review the MITRE ATT&CK Framework (tactics, techniques, procedures)
- Map ransomware attack stages to the MITRE Attack Framework
Part 3: Ransomware Controls Frameworks, Guides, and Best Practices
- NIST IR 8374: Cybersecurity Framework Profile for Ransomware Risk Management
- CISA MS-ISAC Ransomware Guide
- NIST SP 1800-25: Identifying and Protecting Assets Against Ransomware & Other Destructive Events
- NIST SP 1800-26: Detecting and Responding to Ransomware & Other Destructive Events
- NIST SP 1800-11: Recovering from Ransomware & Other Destructive Events
Part 4: Building a Ransomware Program Based on the NIST Risk Management
- Step 1: Prepare – Essential activities to prepare the organization for a ransomware attack
- Step 2: Categorize– Architect, design, organize critical systems, information, and security tools
- Step 3: Select – Choose the ransomware controls (i.e., CISA_MS-ISAC Ransomware Guide)
- Step 4: Implement – Using security tools / sensors to apply ransomware controls to critical assets
- Step 5: Assess – Determine if controls are in place, operating as intended, producing desired results
- Step 6: Authorize – Communicate ransomware program / assessment with executive management
- Step 7: Monitor – Continuously monitor
- Wednesday, May 24, 20237:30 amRegistration openRegistration Level:
- Open Sessions
7:30 am - 4:30 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amA Whole Lotta BS (Behavioral Science) About CybersecurityExecutive Director, National Cybersecurity AllianceRegistration Level:- Open Sessions
8:00 am - 8:50 amLocation / Room: 118Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 “Oh Behave! Cybersecurity Attitudes and Behaviors Report,” and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.
8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)Discussion Topic: PCISensitive Information Analyst, USAARegistration Level:- VIP / Exclusive
8:00 am - 8:50 amLocation / Room: 119This roundtable discussion is for our Advisory Council members only
9:00 am[Opening Keynote] Lean On Me: Effective Interdepartmental Communication in Modern TimesCybersecurity Director, Gannett FlemingRegistration Level:- Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterIt is now more important than ever for security professionals to communicate effectively with team members and business stakeholders at all levels, both in-person and virtually. Interdepartmental communication and collaboration can increase compliance and maintain a safe and secure organization. This session focuses on fostering effective communication and collaboration across various departments within the organization.9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 amZero Trust: Context and the Data LifecycleDirector, Privacy Program, GoTo FoodsRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: 116Session description coming soon.
10:15 am[Panel] Making the Cybersecurity Music: Navigating Challenges and Opportunities in Today's InfoSec LandscapeDirector, Cybersecurity Risk, Privacy & Compliance, PGA Tour SuperstoreGlobal Head of Cyber Security (CISO), Mandarin Oriental Hotel GroupAVP, Chief Security Office, AT&TRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: COver the last few years, the workforce and the way we work has entirely shifted and evolved. Much like conducting a grand orchestra, cybersecurity executives are now called upon to more than just conduct procedures and make “good music.” Listen to local cybersecurity executives who are in the trenches navigating the “new normal,” the threats impacting the industry, and their different key takeaways and lessons learned along the way. This discussion is followed by a live Q&A, so come prepared to ask your local executives your burning workforce questions!10:15 amShift-Left, Shield Right: Real-Time Cloud Workload Protection in a CNAPP WorldDirector, Product Marketing - Cloud, SentinelOneRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: 118The cloud is big business, and so it is increasingly in the crosshairs of threat actors. The challenge is that cloud security is a multi-faceted puzzle, ripe with acronyms and jargon. Join SentinelOne as we speak plainly about cloud defense in depth, from build time to runtime. We will examine the role of cloud workload protection (CWPP), why real-time CWPP is so important, and offer recommendations to accelerate innovation and operate securely.
11:10 amThe Need for Business CertificatesCISO, Needling WorldwideRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: 116Session description coming soon.
11:10 am[Panel] There's a Bad Moon on the Rise – Are You Ready?Identifying the Current Threat LandscapeCo-Founder & CEO, Horizon3.aiSr. Solutions Engineer, LookoutSr. Regional Manager, CloudflareCybersecurity Director, Gannett FlemingRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: CLike the main character in the 1981 horror movie, An American Werewolf in London, cybercriminals continue to morph into something evil, lurking in the night (and day) to cause harm to people, organizations, and governments. Cue the Creedence Clearwater Revival song, Bad Moon Rising.
The cybersecurity community is smart and more than capable of thwarting bad actors, fangs and all. They have tools, technologies, partnerships across private and public entities, and solution vendors to help them along the way. Don’t forget about the consultants working hard to stay ahead of those wanting to do harm, as well.
Hear our panelists’ views on the current threat landscape, solutions they have to offer, and ideas they have for turning a bad moon into a harvest moon.
11:10 amDeriving Insight from Threat Actor InfrastructureSecurity Engineer, Team CymruRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: 118From proactively hunting for unknown attacker infrastructure, to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity, this talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.
12:00 pm[Lunch Keynote] Credentials Are the New RCECo-Founder & CEO, Horizon3.aiRegistration Level:- Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterToday’s attackers don’t need to exploit your vulnerable applications or pry through your abundance of security solutions to get to your crown jewels. Instead, they’re using your stolen credentials to silently move throughout your network to access your private data without you even knowing it. Credential-based attacks are becoming the new Remote Code Execution (RCE), and even worse, these weaknesses are not detected by vulnerability scanners, endpoint detection, and most penetration tests. In fact, attackers don’t hack in, they log in.
Whether it’s reused or weak passwords, misconfigured or default security settings, or just poor security hygiene across the entire organization, defenders must understand how these attacks work so they can adequately manage their risk.
Join Snehal Antani, CEO of Horizon3.ai, where he’ll discuss our research team’s findings and discoveries about how these attacks progress, what is the catalyst, what is the result, and what you need to do to prevent falling victim to this attack vector.
During this session, you will learn how attackers:
- Use OSINT and password spraying to breach perimeters without ever targeting CVEs
- Land and expand with legitimate credentials, then poison assets that can snowball to complete domain compromise
- Pivot to your expanding cloud attack surface, finding cloud credentials in SMB drives and then compromising cloud services
- Exploit the lack of MFA to compromise business email enabling more targeted phishing attacks
As the session wraps up, you’ll hear remediation guidance that you need to implement today.
12:00 pmAdvisory Council Roundtable Lunch (VIP / Invite only)Current AI Risks and Benefits: A CISO Guide to the Good, the Bad, and the Ugly!Field CISO, Check Point Software TechnologiesRegistration Level:- VIP / Exclusive
12:00 pm - 12:45 pmLocation / Room: 119Roundtable discussion for SecureWorld Advisory Council members, hosted by Pete Nicoletti of Check Point.
In this very up to the date session, Pete will discuss how the CISO and Security staff need to be the leaders to address issues and risks that are increasing every day. The Good: how to leverage AI tools to increase your competitive advantages and speed up product development, improve documentation and training, and more. We’ll also discuss the upsides and advantages to leveraging AI-based tools to fight off zero days and bad guy created AI based phishing attacks. Then we change to mood to the Bad: the risks of corporate users leveraging AI tools to have compliance and security events. We’ll discuss how hackers are using these tools to write new malware and create hyper-targeted attacks. Then the Ugly: talking about the future. There will be staff reductions, hacks, outages, and the potential for bad AI to morph into SKYNET.
12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmWhere Are We with Securing Critical Infrastructure?Fellow & Director of Cybersecurity, FluorRegistration Level:- Conference Pass
1:15 pm - 2:15 pmLocation / Room: 118The need for cybersecurity in critical infrastructure environments (e.g., energy pipelines, power plants, nuclear facilities, petrochemical sites, water treatment plants) is at critical levels. In this discussion, we’ll be looking at the current state of cybersecurity in these types of ICS/OT environments.
1:15 pm[Panel] Lucy in the Cloud with DiamondsSecuring Your Cloud EnvironmentSr. Director, Head of Cloud Sales, UptycsSr. Solutions Engineer, FortraDirector of Education, ISSA AtlantaCIO, Esquire Deposition Solutions, LLCRegistration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: CCan you “imagine” if The Beatles, when first starting out, had to deal with having their catalog of music hacked, stolen, and held for ransom simply because it was in an unsecure cloud setting? While it is possible for that to happen with their hit-laden collection of songs today, it’s merely a tiny example of how businesses operate at a minimum in a hybrid cloud environment—many in a cloud-only platform.
With that comes security issues and another major area which cybersecurity professionals must work diligently to protect.
Our panel of experts share the good, the bad, and the ugly of operating in a cloud environment, what it takes to make the move to hybrid or multi-cloud successful, how to protect data from insider and outsider threats, and what it takes to provide the support DevOps teams need.
2:15 pmNetworking BreakRegistration Level:- Open Sessions
2:15 pm - 2:30 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:30 pmBack to the Basics: Don't Be Distracted by the Shiny Objects and BuzzwordsCISO, Paradies LagardèreRegistration Level:- Conference Pass
2:30 pm - 3:15 pmLocation / Room: 116Are information security programs learning the lessons from organizations in the news? Probably not, as many of the reported breaches are due to failures of basic information technology processes. Simply put, organizations are failing at fundamental security tasks which if implemented would lead to fewer breaches and greater security for their data.
We will explore the basics, why they matter, and when failure to implement the basics led to breaches.
2:30 pmISSA Chapter Meeting [Open to all attendees]Empowering Digital Citizens at HomeCSO, Castle Black; Founder, Savvy Cyber Kids; NACD Board Leadership FellowRegistration Level:- Open Sessions
2:30 pm - 3:15 pmLocation / Room: DSession description coming soon.
2:30 pmSecuring User Access with Comprehensive Identity ManagementRegional Sales Engineer, CrowdStrikeRegistration Level:- Open Sessions
2:30 pm - 3:15 pmLocation / Room: 118Identity management is crucial for securing user access across an organization’s IT infrastructure. A comprehensive identity management platform provides a unified view of user identities and access rights, allowing administrators to easily manage user access, detect and remediate identity-related threats, and enforce access policies. This presentation will provide an overview of the key features and benefits of a modern identity management platform and demonstrate how it can help organizations to enhance their security posture and protect against the latest identity-based threats
3:15 pmNetworking Break and Dash for PrizesRegistration Level:- Open Sessions
3:15 pm - 3:45 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:15 pmHappy HourSponsored by UptycsRegistration Level:- Open Sessions
3:15 pm - 5:00 pmLocation / Room: Exhibitor HallJoin your peers for conversation and complimentary beer, wine, soda, and hors d’oeuvres. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.
Generously sponsored by Uptycs. A drink ticket is included on your attendee badge.
3:45 pmCyber World on Fire: A Look at Internet Security in Today’s Age of ConflictCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLCRegistration Level:- Conference Pass
3:45 pm - 4:15 pmLocation / Room: DThis informative session analyses the growing threat of cyberattacks and risks to internet security in today’s world. Col. Leighton explores the various types of attacks and vectors, including how bad actors can impact businesses and individuals. The session also examines the role of governments and international organizations—partnering with public and private businesses—in protecting against cyber threats.
Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees.
He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.
3:45 pmCyversity Chapter Meeting - Open to all attendeesTopic: Bridging the Women Leadership Gap in CybersecurityHead of Security, Riot GamesChief Risk Officer, BakktDeputy Chief Privacy Officer, Centers for Disease Control and PreventionAtlanta Chapter President, CyversityRegistration Level:- Open Sessions
3:45 pm - 4:30 pmLocation / Room: CThe latest (ISC)² Cybersecurity Workforce Study revealed that the percentage of women in cybersecurity has slightly increased to ~24%; however, these numbers continue to leave much to be desired. While men still outnumber women in the cybersecurity profession and salary disparity still exists, women in the field are obtaining leadership positions in higher numbers.
Join us for a panel of extraordinary women leaders who will share their journey and engage in a discussion on ways to succeed and advance in the cybersecurity industry.
- Atlantic Data Security + TrellixBooth: 340
Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.
Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers. More at https://trellix.com.
- AvertiumBooth: 120
Avertium was born from 4 award-winning cybersecurity firms in 2019. Today, helping mid-to-enterprise organizations protect assets and manage risk is our only business. Our mission is to make our customers’ world a safer place so that they may thrive in an always-on, connected world.
- Check Point Software TechnologiesBooth: 320
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- CloudflareBooth: 100
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications, and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations—from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest internet trends and insights at radar.cloudflare.com.
- CrowdStrikeBooth: 300
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- CRESTBooth: 160
CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.
- Cyversity Atlanta ChapterBooth: 210
Our mission is to achieve the consistent representation of women and underrepresented minorities in the cybersecurity industry through programs designed to diversify, educate, and empower. Cyversity tackles the “great cyber divide” with scholarship opportunities, diverse workforce development, innovative outreach, and mentoring programs.
- EndaceBooth: 130
Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.
- Envision Technology AdvisorsBooth: 800
Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.
- FortanixBooth: 220
Fortanix provides a developer and cloud-friendly key management and encryption solution to keep data secure at the application level. Fortanix DSM exclusively manages complete confidential computing environment & enclave lifecycle, including creation, deployment, monitoring, & auditing.
- FortraBooth: 510
HelpSystems has long been known for helping organizations become more secure and autonomous. However, over the years, our customers have shared with us that it has gotten harder and harder to protect their data. As technology plays an increasingly important role in the way organizations operate, cyberthreats are evolving to become more powerful than ever before. If there’s one thing we’ve learned from being in an industry where the only constant is change, it’s that being adaptable is the best way to grow in the right direction. So we’ve listened to our customers’ concerns, problem-solved, and delivered with impressive results. Consequently, we’re a different company today — one that is tackling cybersecurity head-on.
That’s why HelpSystems is now Fortra, your cybersecurity ally. We’re bringing the same people-first support and best-in-class portfolio that you’ve come to expect from HelpSystems, only now we’re unified through the mission of providing solutions to organizations’ seemingly unsolvable cybersecurity problems. We offer leading solutions like data security, infrastructure protection, managed services, and threat research and intelligence. Throughout every step of our customers’ journeys, our experts are determined to help increase security maturity while decreasing the operational burden that comes with it. Because our team puts the same level of care into protecting our customers’ peace of mind as their precious data.
We’re driven by the belief that nothing is unsolvable.
We’re tenacious in our pursuit of a better future for cybersecurity.
We are Fortra. - Horizon3.aiBooth: 530
Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud attack surfaces.
Like APTs, ransomware, and other threat actors, our algorithms discover and fingerprint your attack surface, identifying the ways exploitable vulnerabilities, misconfigurations, harvested credentials, and dangerous product defaults can be chained together to facilitate a compromise.
NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. You will see your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited.
- ISC2 AtlantaBooth: 110
ISC2 Atlanta chapter encompasses the Atlanta Metro area. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resource and educational programs to keep our members informed of the latest advances in technology and techniques.
Our mission is to advance information security in local communities throughout Atlanta, Georgia, by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects.
- ISACA AtlantaBooth: 550
The aim of the ISACA Atlanta Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.
Nearing its 50th year, ISACA is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology.
- ISSA Metro Atlanta ChapterBooth: 500
The ISSA Metro Atlanta chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.
- KeysightBooth: 240
Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems; patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.
- LookoutBooth: 200
Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.
- National Cybersecurity AllianceBooth: 350
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- NetskopeBooth: 650
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- Recorded FutureBooth: 150
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- SentinelOneBooth: 250
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- Skybox SecurityBooth: 425
Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.
- Team CymruBooth: 630
Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines; digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.
Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.
Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.
Since 2005, our reputation remains unchallenged.
- TechTargetBooth: n/a
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- ThreatLockerBooth: 410
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- UptycsBooth: 230
Inspired by CRM and business process analytics, the Uptycs vision is to empower security teams with the same real-time decision making, driven by structured telemetry and powerful analytics.
By providing a unified view of cloud and endpoint telemetry from a common solution, making every user and platform action auditable, and having an open and extensible API, we eliminate black-box operations, reduce tool sprawl, and ultimately arm modern defenders with the insights they need across their cloud-native attack surfaces.
- ZeroFoxBooth: 830
Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.
Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Lisa PlaggemierExecutive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Kevin Chalk, ModeratorSensitive Information Analyst, USAA
- Tamika BassCybersecurity Director, Gannett Fleming
Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker, college professor and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA,CRISC, HCISPP, CBCP.
- Phillip MahanDirector, Privacy Program, GoTo Foods
A standard biography for Phillip would mention his years of experience in Privacy, Security, Governance, and Audit. It would tell of the business sectors he has worked with, and perhaps even the companies and professional organizations he’s been affiliated with for the last 25+ years. This is not the standard bio.
Telling stories and pulling connections together from places unexpected.
Using Poetry, Literature, and Fairy Tales to make points understood by those not in the tech field. When speaking at conferences, he aims to take the listeners on a journey leading them somewhere they weren’t expecting when the story began.
Phillip prefers people thinking of him more as someone who looks at the world differently but will help to get you where you need to be.
- Alicia Laing ClarkeDirector, Cybersecurity Risk, Privacy & Compliance, PGA Tour Superstore
Alicia Laing Clarke is the Director of Cyber Security, Risk and Privacy (Head of Security) for PGA Tour Superstores. Alicia oversees PGA Tour Superstore (PGATSS) Cyber Protection, Risk, Compliance and Privacy of all PGATSS assets and data. She is responsible for protecting PGATSS from cyber activities and leading PGATSS’s response to cyber threats. Prior to assuming the role of Head of Security, Mrs. Laing Clarke was the Director of Risk and Vulnerability Management within the ACI Worldwide of the largest financial processor and services provider. Where she led and oversaw the development of cyber capabilities for all the ACI Worldwide running the vulnerability and penetration testing program. Mrs. Laing Clarke 20+ years security experience stem from various industries ranging from financial, retail, transportation, non-profit and health care. She has a strong background in developing security strategy and roadmaps and risk assessments. She has extensive knowledge and exposure in many network security techniques and solutions such as vulnerability assessment, key management and compliance, privacy, secure configuration, vendor management, BCP/BIA/DR, and other security technologies. She also provides subject matter expertise support for information security related issues to the business clients and to help identify pragmatic security solutions.
Mrs. Laing Clarke obtained her first degree which was a Bachelor of Science and Minor in Mathematics from CUNY Hunter College; as well as master’s in information security from James Madison University. She has acquired several security certifications that have demonstrated mastery as a Certified Information System Security Professional (CISSP), CIS Auditor (CISA), and CIS Manager (CISM). Mrs. Laing Clarke is a wife, mother of two, loves to shop and travel the world.
- Will DeMarGlobal Head of Cyber Security (CISO), Mandarin Oriental Hotel Group
- Rebecca Finnin, ModeratorAVP, Chief Security Office, AT&T
Rebecca Finnin is an Assistant Vice President in the Chief Security Office of AT&T. During her tenure, she has served in a variety of information security and privacy roles.
Ms. Finnin has led teams to embed security features into the software defined network, developed tools to allow DevOps teams to self-identify relevant security requirements, secured AT&T contributions and use of open-source software, built applications to automatically derive a software bill of materials, performed vulnerability assessments of software and infrastructure, and delivered development projects to meet privacy requirements. Her current role involves assisting with product development efforts to turn unique AT&T solutions into secure new product offerings.
Prior to AT&T, Ms. Finnin spent almost a decade in public accounting and consulting at Deloitte.
- Rick BosworthDirector, Product Marketing - Cloud, SentinelOne
Rick Bosworth is an engineer turned product manager and marketer, bringing an uncommon technical perspective to enterprise GTM strategy and execution for almost two decades. At SentinelOne, his focus in cybersecurity—in particular cloud workloads, IoT, and user endpoint security—has provided expertise to the rapidly-evolving challenges across multiple fronts.
- Snehal AntaniCo-Founder & CEO, Horizon3.ai
Snehal Antani is CEO and Co-founder of Horizon3.ai, a cybersecurity company using AI to deliver Red Teaming and Penetration Testing as a Service. He also serves as a Highly Qualified Expert for the U.S. Department of Defense, driving digital transformation and data initiatives in support of Special Operations.
- Andy OlpinSr. Solutions Engineer, Lookout
Andy is a seasoned cybersecurity professional with more than 20 years in the field. At the Walt Disney Company, Andy was a compliance and security architect, managing solutions for Disney's broad portfolio of businesses. He moved on to be a solutions architect for MobileIron and now Lookout, where he has been for the past five years.
- Gary WalderichSr. Regional Manager, Cloudflare
Gary has more than 25 years' total IT industry experience, with the last 21 years focused on security. In addition, he has spent seven of those years as an SE Manager and SE Director. Gary currently works for Cloudflare supporting enterprise solutions for companies in the Southeast region.
- Tamika Bass, ModeratorCybersecurity Director, Gannett Fleming
Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker, college professor and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA,CRISC, HCISPP, CBCP.
- Kyle KrejciSecurity Engineer, Team Cymru
Kyle Krejci is a highly skilled and experienced Security Engineer at Team Cymru with over a decade of experience in Network Security and Engineering. He has a strong background in the field of cybersecurity and is passionate about using his expertise to help organizations better protect themselves against cyber threats.
Kyle has gained a reputation in the industry for his exceptional ability to conduct threat analysis research, and his findings have been published in several leading publications. He is also a sought-after speaker at cybersecurity conferences, where he shares his insights on the latest trends and best practices for protecting against cyber threats.
In addition to his professional work, Kyle is an advocate for maintaining a healthy work-life balance. He understands the importance of prioritizing personal time and spending his free time with his family or staying current on the latest cybersecurity news and developments.
- Snehal AntaniCo-Founder & CEO, Horizon3.ai
Snehal Antani is CEO and Co-founder of Horizon3.ai, a cybersecurity company using AI to deliver Red Teaming and Penetration Testing as a Service. He also serves as a Highly Qualified Expert for the U.S. Department of Defense, driving digital transformation and data initiatives in support of Special Operations.
- Pete Nicoletti, ModeratorField CISO, Check Point Software Technologies
Pete Nicoletti has 31 years of IT and MSSP experience and has been a hands-on CISO for the last 18 years and recently joined Check Point as Field CISO of the Americas.
Pete’s experience and leadership was most recently at Cybraics Defense as CISO. This company is an advanced Artificial Intelligence and Machine Learning Analytics formed as a DARPA funded project. Pete is the former CISO of Hertz Global, successfully protecting the brand in over 150 countries, 20,000 employees, and 10,000 locations. Pete led Virtustream’s (now a Dell company) efforts as CISO to achieve FedRAMP and NIST 800-53 certification in record time and hosted dozens of US Federal Agencies on its most secure cloud design. Pete started the MSSP, security consulting, Pen/Vulnerability Testing Teams as VP of Security engineering at Terremark and successfully guided these services migration in the Verizon purchase. Pete has been a local S. Florida trailblazer for many years, starting a wireless ISP, a network engineering company and an award-winning CRM-telephony Integration Company.
Pete is a founder, leader, and member of numerous security groups and is a Board Member and Board Advisor. In 2017, Pete was honored to be selected as a “Top 100 Global Chief Security Officers.” Pete’s cloud security deployments and designs have been rated by Garter as #1 and #2 in the world, and he literally “wrote the book” on secure cloud reference designs as published in Intel Press: “Building the Infrastructure for Cloud Security: A Solutions View.”
- Michael HolcombFellow & Director of Cybersecurity, Fluor
Michael Holcomb is the Fellow and Director of Information Security for Fluor, one of the world's largest construction, engineering, and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for vulnerability management, incident detection/response, penetration testing and industrial controls for the global organization. He also teaches cybersecurity as an adjunct instructor at Greenville Technical College and helps students, career transitioners, and others that are new to cybersecurity.
- Paul McBratneySr. Solutions Engineer, Fortra
Paul came to security after many years working in hosting and managed services. He has a background in Windows Administration, networking, and public cloud.
- Larry HoltDirector of Education, ISSA Atlanta
- Jim Ballowe, ModeratorCIO, Esquire Deposition Solutions, LLC
- Michael MarsilioCISO, Paradies Lagardère
Michael Marsilio is the Information Security and Compliance Officer for Paradies Lagardère, where he is responsible for information security, risk management, privacy and compliance. Michael plays a strategic role in protecting Paradies Lagardère IT resources, infrastructure and information assets, and helps drives global security initiatives. He has more than 25 years of experience in building and managing security and compliance programs for both public and private companies and has a substantial track record in PCI, PII, PHI, IT General Controls and developing cybersecurity policy for financial, retail and legal organizations.
Prior to joining Paradies Lagardère, Michael was the Global Director and CISO at DTI (now Epiq), the industry leader in the legal e-discovery space. Taking the organization’s security program from a green field to ISO 27001 certified data centers globally.
- Ben HalpertCSO, Castle Black; Founder, Savvy Cyber Kids; NACD Board Leadership Fellow
Ben Halpert is a man on a mission: to educate and empower today’s digital citizens in the workplace, at schools, and at home. By day, he is the CSO at Castle Black providing individuals cybersecurity, online privacy, and digital hygiene services with 24/7 human support. By night, he champions cyber ethics education throughout society via the 501(c)3 nonprofit Savvy Cyber Kids he founded in 2007.
Ben enjoys being on boards of organizations looking to enhance value and organizational resilience for the stakeholders they serve. Ben is honored to speak and keynote at conferences and events worldwide. He has presented at the World Economic Forum, NACD directorship training, RSA Security Conference, GISEC Global, InfoSec World, SecureWorld, Cyber Future Foundation, IEEE, ACM, CSO50, CIO/CISO Summits and many other events over his career. Ben was invited to present at TEDxKids@Vilnius (Raising Savvy Cyber Kids) and TEDxSaintThomas (Technology addiction and what you can do about it). Based on his early research and experience in the then emerging field of Cloud Computing,
Ben was invited to publish Auditing Cloud Computing: A Security and Privacy Guide through John Wiley & Sons. Ben was a contributing author to Readings and Cases in the Management of Information Security and the Encyclopedia of Information Ethics & Security, wrote the security column for Mobile Enterprise Magazine and has contributed to seven NIST special publications. Page 1 of 3 Through Savvy Cyber Kids, Ben provides cyber ethics educational and awareness sessions for parents, teachers, and students – from preschool through high school.
Ben is the award-winning author of The Savvy Cyber Kids at Home children’s book series (The Family Gets a Computer, The Defeat of the Cyber Bully, and Adventures Beyond the Screen). As a trusted voice on a variety of cyber security issues, Ben has made numerous TV and radio appearances and has been featured in newspapers and magazines such as The New York Times, Wired, Bloomberg, BBC, Kiplinger, Good Morning America, Good Day Atlanta, CNN HLN, Fox News, RogersTV, RTVI, 11 Alive, WSB-TV, among others.
- Justin JordanRegional Sales Engineer, CrowdStrike
As a skilled cybersecurity specialist with over 15 years of experience, Justin has honed his expertise in privileged access, identity security, and Endpoint Security Solutions. His background spans various industry-leading companies, including BeyondTrust, FireEye, and CrowdStrike. As a subject matter expert and advisor, he has contributed to the development of security solutions and offered best practices guidance for prominent global clients. His diverse experience encompasses network engineering, vulnerability assessments, and working as a Senior Engineer with an MSSP, equipping him with a comprehensive understanding of the cyber threat landscape.
- Happy Hour
- Col. Cedric LeightonCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- Nicole DoveHead of Security, Riot Games
Nicole Dove is an award-winning cybersecurity leader, university lecturer & host of the Urban Girl Corporate World podcast.
As Head of Security for Riot Games, she is responsible for building a scalable security program including a team of BISOs to support the company’s expansion into entertainment, music and esports.
Nicole performed voice over work on two Grand Theft Auto titles, attended the 2016 White House Summit on the United State of Women, won the 2021 EWF Woman of Influence Award and completed Cybersecurity Leadership studies at Harvard University.She produces and hosts the Urban Girl Corporate World podcast, creates Cybersecurity courses for LinkedIn Learning, is a frequent guest on tech podcasts and has given keynotes at tech conferences and organizations including Facebook, Yale School of Management, RSA, OWASP, Deloitte Consulting, and Goldman Sachs.
- Susan LamChief Risk Officer, Bakkt
Susan Lam is a resourceful and multi-disciplined senior Enterprise Risk Management and Governance leader with a proven track record for developing and leading strategic initiatives and innovations in dynamic and fast-paced environments. She is currently the Chief Risk Officer at Bakkt responsible for Enterprise Risk Resilience which comprised of the Enterprise Risk Management and Cybersecurity programs. One of Susan’s primary responsibilities is to work with the various risk domain owners to proactively identify and address risks that may otherwise derail the company’s ability to meet its business goals and objectives. Prior to joining Bakkt, Susan was the VP for Security, Risk, and Compliance supporting Fiserv’s Digital Payments and Risk Solutions business. Susan also worked at Equifax as the VP of Information Security and Risk Management where led a team of Business Information Security Officers (BISO) supporting business units and overseeing the Merger & Acquisition process.
- Jarell OshodiDeputy Chief Privacy Officer, Centers for Disease Control and Prevention
Jarell Oshodi is a licensed attorney, Certified Information Privacy Professional (CIPP/US), and Certified Information Privacy Manager (CIPM) with more than 12 years of experience helping a range of government agencies in privacy and data governance roles. She has worked at the Department of Veterans Affairs, the National Institutes of Health, and the Department of Justice, and currently at the Centers for Disease Control and Prevention as the Deputy Chief Privacy Officer. She is the Privacy Director for a non-profit called Black Girls in Cyber where she partnered with Google and IAPP to provide the privacy curriculum for their first Privacy Cohort that will enable 12 women to become Certified Information Privacy Technologists (CIPTs) and get jobs in the privacy field. She has also served as a keynote speaker, provided privacy awareness workshops, and created on-demand e-learning training modules for Fortune 500 companies.
She has used her expertise over the years to develop a proprietary privacy framework that teaches data privacy best practices within global organizations. Her trainings and workshops help companies enhance privacy compliance, build trust, and create a competitive edge. Her e-learning modules have helped create thousands of privacy champions around the world.
She holds a Bachelor of Science in Finance from Hampton University where she graduated magna cum laude and was honored as a 40 under 40 alumna. She also holds a Juris Doctorate from Mercer University. She is a proud New Orleans native living right outside Atlanta with her husband and two boys.
- Cassandra Dacus, ModeratorAtlanta Chapter President, Cyversity
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes