googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, March 14, 2018
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Roundtable Breakfast (VIP / Invite only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 109

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 107

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. IoT, Providers, Tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    speaker photo
    CIO, Boston Red Sox
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 108

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 105

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    What Really Works With Cyber Tabletop Exercises
    • session level icon
    speaker photo
    Sr. Principal, Security Risk Management, Verizon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 102

    A good Cyber Tabletop Program can consist of seminars/workshops, tabletop exercises, drills, multi-team functional exercises, a cyber range, and training. Come to this presentation to learn what really works from 12 years of experience designing and running cyber exercises. Bring your questions and your experiences to share with the audience too.

    8:30 am
    Security Breach Notification and Enforcement: A Challenging Landscape Becomes Even More Challenging
    • session level icon
    speaker photo
    Partner, Park Legal LLC
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 111

    As of May 25, 2018, as part of the EU General Data Protection Regulation (GDPR), all EU member states will require breach notification to the relevant supervisory authority (or authorities) within 72 hours. At the same time, the US breach notification laws are being updated to require notification in additional situations, and many new countries around the world are adopting notification laws. Given the short time frames for notification, the varying requirements for notifying individuals as well as a whole host of regulators, the likelihood of adverse media attention, and the potential for lawsuits, well-meaning organizations sometimes create additional risks for themselves when a breach occurs, based upon their lack of preparation, knowledge and training in this area. This presentation will discuss the GDPR breach notification requirements including the expectations of the European Commission and member states, as well as the growing assortment of other notification obligations across the US and world, and will include tips and recommendations for minimizing your organization’s risk.

    8:30 am
    Vendor Risk Management – Understanding and Managing 3rd Party Cyber Risk
    • session level icon
    speaker photo
    CISO, Lahey Health
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 104

    Now more than ever an effective Vendor Risk Management (VRM) Program should be a pillar of any Enterprise Risk Management strategy. The Cybersecurity risks that are inherent to your organization multiply exponentially whenever you introduce external vendors. In this session learn how to effectively audit, measure and continuously monitor your 3rd parties.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    Opening Keynote: Risk & Security’s Bright Future: Mapping the Road Ahead
    • session level icon
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    There has never been a better time to be a risk/security professional. Disruptive technologies fundamentally expand the “Art of the Possible;” reshape the solution provider ecosystem [with a new hierarchy of winners & losers]; and discombobulate expectations of how and by whom risk and security should be managed/led.

    In an entertaining and highly interactive session, Thornton May will share with attendees how leading Risk/Security Cartographers chart the future. Like the movers and shakers of the Renaissance, we stand on the shores of a new world –a Mundus Novus as Americo Vespucci labeled it in 1502.

    10:15 am
    ISACA Chapter Meeting Presenting: Adding Technical Cyber Skills To Your Governance and Audit Teams
    • session level icon
    Open to All Attendees
    speaker photo
    Strategic Account Executive, ISACA
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: 101

    Interested in your local associations? Join ISACA for a social meet & greet and chapter news.

    Chris DeMale, CFA, Executive with ISACA International, will be making a special visit to Ireland for a presentation on the latest technology and thought leadership regarding the CMMI Institute, COBIT 5, and Cybersecurity Platforms. Chris will be demonstrating the CMMI Cybermaturity Platform, offering us an exclusive, pre-release look at a cloud-based tool developed in conjunction with the input of hundreds of top cyber and audit teams around the globe. The tool provides over 3100 objectively-developed practice areas, which can be customized to the needs of your enterprise, and evaluates on a continuous basis compliance with the stated objectives to produce board-ready reports.

    Next Chris will discuss COBIT 5 and our strategies for successful implementation and evaluation from examples around the globe. Finally Chris will provide a demonstration of the CSX Cybersecurity Nexus Platform, a hands-on, cloud-based, performance-based, beginner-to-expert level tool for providing skills and assessment to your audit and cyber teams.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable: (VIP / Invite Only)
    • session level icon
    speaker photo
    CISO, Massachusetts Bay Transportation Authority (MBTA)
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 109

    This session is for the Boston Advisory Council / VIP only.

    11:15 am
    baramundi — Innovative Endpoint Management: A Holistic Approach to Vulnerability Management, Patching, OS Upgrades, and Software Distribution
    • session level icon
    speaker photo
    Executive Manager, baramundi software USA, Inc.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 111
    Windows Fall Anniversary Update, Office 365 Migration, Vulnerability and Patch Management: Are any of these three topics causing your blood pressure to rise? This session will show you how you can automate OS migrations, software deployment projects, and effective security exploit management all from one easy to use Endpoint Management Suite. No university degree or nerd glasses required—buckle up!

     

    11:15 am
    Mimecast: Top 10 Ways to Improve Your Email Security
    • session level icon
    speaker photo
    Principal Security Strategist, Mimecast
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 110

    It is no secret that email-borne attacks by all types of malicious actors continue to be the preferred method to get in, around, and get data out of organizations. While there is no one technology or security control that can be applied to close this security gap, there are many things – at least 10! – that organizations can do to dramatically lower the risk of an email enabled data breach or security incident. In this session, I will go through what I consider to be the top 10 controls organizations can apply, while providing examples of how these controls work to stop certain types of email-borne attacks.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Security Evangelist, North America, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 104

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    The Path to Strategic Application Security
    • session level icon
    speaker photo
    Vice President Managed Services, GuidePoint Security
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 101

    Application Security is a critical function of any business that develops any of their own software. As we’ve seen in recent reports and studies, attacks against applications are a significant risk and are on the rise. Having a Strategic Application Security program as part of any business’s overall security program is becoming more and more important. We will discuss, how organizations are similar but have different Application Security needs, Application Security trends, Strategic Application Security and what it entails, and Application Security challenges we face. Attendees will leave with an understanding of Strategic Application Security and the steps an organization can take to begin to strategize and implement an Application Security program of their own.

    11:15 am
    View From the Top: The Board’s Role in Cybersecurity Oversight
    • session level icon
    speaker photo
    Director, E*Trade Financial
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    In recent board surveys, cybersecurity has been identified as one of the top concerns for corporate directors. From the vantage point of a public company director and risk committee chair, this presentation will discuss the role of the board in cybersecurity oversight, including:

    Board expectations and industry standards
    Integration with enterprise risk management
    Quantification of cyber risk
    Board-level cyber risk reporting and decision-making

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 109

    This session is for the Boston Advisory Council / VIP only.
    Lunch will be served.

    12:15 pm
    LUNCH KEYNOTE: Arbor Networks: Advanced DDoS – Complex, Targeted, Effective
    • session level icon
    speaker photo
    Vice President, ASERT and Global Pre-Sales, Arbor Networks
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: You’ve Got Burned! Now What? (Incident Response)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 103

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.

    1:15 pm
    Massachusetts Cyber Education and Talent Ecosystem
    • session level icon
    speaker photo
    Vice President for Economic Development, University of Massachusetts President's Office
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:00 pm
    Location / Room: 104

    The University of Massachusetts, the Advanced Cyber Security Center, and industry partners in several technology sectors, has launched the Cyber Security Education Training Consortium. This nationally unique Consortium invites the participation of over 40 cyber security training and degree granting programs in the Commonwealth of Massachusetts to collectively address the high demand for talent in the rapidly growing field of cyber security. The goal of the Consortium is to leverage a network of higher education institutions and local security leaders to ensure we are producing top talent at scale and to make security careers more attractive and accessible in Massachusetts.

    1:15 pm
    Rapid7: Practical Strategies for Taking on the Modern Adversary
    • session level icon
    speaker photo
    Technical Product Manager, Rapid7
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm
    Location / Room: 102

    An attacker’s ability to go from vulnerability to exploit is faster than ever. Is your team ready to respond to an incident quickly and efficiently? In this session, we’ll go over methods and tactics for keeping your security program evolving as fast as your adversaries. From attacker behavior analysis to automation and orchestration, we’ll dive into today’s best practices.

    2:15 pm
    (ISC)2 Chapter Meeting and Presentation
    • session level icon
    Discover Your Local Associations - Open to All Attendees
    speaker photo
    Board Member, (ISC)2 Eastern Massachusetts; President, CyberSN
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:15 pm
    Location / Room: 101

    Interested in your local associations? Join (ISC)2 for a social meet & greet and chapter news.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Being Risk Aware in Cloud Adoption
    • session level icon
    speaker photo
    Risk Consultant, Cloud Security Alliance working groups contributor
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 102

    In spite of the benefits to be realized in Cloud, organizations are uneasy about the risks. It is important for organizations to be risk-aware since the impact could easily pass on to the existing /future clients. How can organizations exploit the risk in order to successfully adopt cloud?

    3:00 pm
    Automate Security or Die
    • session level icon
    Survival of the Fittest
    speaker photo
    CISO, Steward Health Care
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 104

    Cyber-criminals have industrialized their operations, these highly organized professionals seek to shut your business down mere minutes after exploitation and demand ransoms optimized to your industry and size. Join Esmond Kane as he discusses the necessity to build an agile and adaptive next-generation Security Operations Center to disrupt these ruthless entrepreneurs and to leverage three key emerging technologies: workload optimization, mature threat intelligence and management, and infrastructure integration and orchestration.

    3:00 pm
    Common Crypto Pitfalls
    • session level icon
    Doing crypto right is easier than you might think.
    speaker photo
    PhD Candidate / Research Assistant, Northeastern University
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 110

    Today we use cryptography in almost everywhere. From surfing the web over https, to working remotely over ssh. In modern crypto we have all the building block to develop secure application. However, we see instances of insecure code everywhere. Most of these vulnerabilities are not because of theoretic shortcomings, but due to bad implementation or a flawed protocol design. Cryptography is a delicate art where nuances matter, and failure to comprehend the subtleties of these building blocks leads to critical vulnerabilities. To add insult to injury most of the resources available are either outdated or wrong, and inarguably, using bad crypto more dangerous than not using it. In this talk we look at examples from real world applications and the most common cryptographic pitfalls.

    3:00 pm
    Security & Privacy Considerations for System Decommissioning & Hosting Migration
    • session level icon
    speaker photo
    CISO, Massachusetts Bay Transportation Authority (MBTA)
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 111

    With the continued growth and trust in cloud-based infrastructure and software services, many organizations are looking to retire on-premise solutions or migrate them to the cloud. Scott will present the security and privacy oversight, planning, and monitoring required for any system decommissioning or hosting migration effort involving regulated data with a focus on data retention, system sanitization, cloud migration, continuous monitoring, regulatory compliance and leadership accountability practices.

    3:00 pm
    Panel: Shifting Landscape of Attack Vectors
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 103

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.

    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 107

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. IoT, Providers, Tools, and processes to help avoid a rainy day.

    3:00 pm
    SecureWorld PLUS Part 2 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    speaker photo
    CIO, Mitchell College
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 108

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 105

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    4:00 pm
    Happy Hour Reception
    • session level icon
    Join GuidePoint and Partners for post SecureWorld social hour.
    Registration Level:
    • session level iconOpen Sessions
    4:00 pm - 7:00 pm
    Location / Room: Kings Dining & Entertainment

    Join GuidePoint and Partners for a social hour after Day 1 of SecureWorld. Come discuss the day’s events, network with security peers, and enjoy beverages, hors d’oeuvres, entertainment, and prizes.
    Register Now

    Kings Dining & Entertainment
    50 Dalton St, Boston, MA 02115
    4-7 p.m.

    Compliments of GuidePoint Security and PAvilion Partners: Agari, Bitglass, Crowdstrike, Exabeam, Expanse, Forescout, Gemalto, Insights, Okta, OneLogin, SentinelOne, Signal Sciences, Splunk, Symantec, Tenable, Varonis, Cybereason, Venafi, Cylance, Digital Shadows, Kenna, Gigamon, Virtisec, Security Scorecard, PKware, Checkmarx, Skybox, Guardicore, Netskope, Thales, Demisto, Imperva, Spirion

    6:00 pm
    Happy Hour Reception
    • session level icon
    Join Brainbabe and your fellow security professionals for beverages and appetizers, and support the desexualization of conferences while bridging the cybersecurity talent gap.
    speaker photo
    Founder and CEO, CyberSN and Secure Diversity
    Registration Level:
    • session level iconOpen Sessions
    6:00 pm - 9:00 pm
    Location / Room: Foley & Lardner LLP 111 Huntington Avenue #Suite 2500 Boston, MA 02199

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following Day 1 of SecureWorld. This is a great opportunity to network with other security professionals from the Boston area, and to discuss how we can create diversity and inclusion in the cybersecurity and tech industries.

    Learn more about Brainbabe and how the STEAM-Conference connection is working to desexualize conferences and trade shows while bridging the cybersecurity talent gap by providing jobs for all genders to STEAM students. Deidre Diamond will discuss how you can get involved and help.

    The cybersecurity profession is comprised of only 11% women, less than 6% of top CEOs are women, and 53% of women leave the cybersecurity industry in under 10 years. Together we can change these statistics.

    Register for this event – Space is limited

  • Thursday, March 15, 2017
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 107

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. IoT, Providers, Tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 3 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    speaker photo
    CEO, Cedalion Partners
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 108

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 105

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    Increase Your EQ, Grow Your Career, and Enjoy It!
    • session level icon
    speaker photo
    Founder and CEO, CyberSN and Secure Diversity
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 104

    Our Intelligence Quotient (IQ) levels are pre-determined at birth, however, our Emotional Quotient (EQ) is capable of evolving over the course of our entire lives. Studies have shown that it is EQ, more than IQ, that determines success. We will study and discuss the components of EQ and explore some of the ways that we can emphasize and encourage the growth of EQ skills to improve the hiring and retention of cybersecurity professionals. Much like our technical hard skills our soft skills can be learned and must be fostered constantly.

    8:30 am
    How Many Documents Do I Need?!?!?!
    • session level icon
    speaker photo
    Director, Audit and Compliance, CipherTechs, Inc.
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 110

    All regulations and standards require policies, but never tell you what is needed for the enterprise. They do not specify the type of documents needed to meet requirements. Building a document architecture that reaches into the future that will bend and support the business into the future is relatively easy.

    8:30 am
    InfraGard Chapter Meeting - Open to all Attendees
    • session level icon
    Presentation: Implementing a ‘Zero Trust’ Approach for Securing Your Enterprise Environments
    speaker photo
    VP & CISO, BJ's Wholesale Club
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Discover your local associations – join InfraGard for their chapter meeting and presentation.

    Zero Trust is an architectural model that guides security teams on how to apply Zero Trust tenants to address the modern threat landscape. The model advocates a holistic approach to information security and puts special focus on processes and technologies that secure your data, wherever it resides. The objective is to strengthen data security and obfuscation – to limit risk derived from excessive user privileges and access. Benefits also include improved security detection and response with analytics and automation. Understanding key concepts at a high level is one thing.  Properly implementing the model can be much more challenging. This presentation will therefore examine each of the requirements for adopting a Zero Trust model across the entire security stack. Key considerations as you plan your Zero Trust programs will be covered in detail along with the benefits of a platform versus fragmented approach to establishing a mature Zero Trust architecture.

    8:30 am
    Measuring Defense With Offense
    • session level icon
    Understand how to make ATT&CK actionable
    speaker photo
    Cybersecurity Engineer, MITRE
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 102

    Measuring Defense with Offense will outline how to effectively assess an organization or security product via a common framework – specifically the ATT&CK knowledge base and adversary emulation.

    8:30 am
    Vetting Your Vendors
    Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts and Service Agreements
    speaker photo
    Founding Partner & Owner, Fischer Law, LLC
    Registration Level:
    8:30 am - 9:15 am

    One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: The Evolving Role of CISOs and Their Importance to the Business
    • session level icon
    speaker photo
    Chairman and Founder, Ponemon Institute
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    What is a CISO and what do they do? As the leader of cyber defense for an organization, the CISO is rapidly becoming indispensable for an organization’s survival. This presentation is based on interviews with senior level IT professionals at 184 companies in seven countries. The goal of the research is to better understand how CISOs work, what their concerns are, and how they are improving their effectiveness in managing risks to the enterprise.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 109

    This session is for our Advisory Council / VIP only.

    11:15 am
    The Gosh Darn Privacy Regulation (GDPR)
    • session level icon
    speaker photo
    CISO & VP, Information Security & Risk Management, Bright Horizons
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 103

    What you don’t know can hurt you. If you process any personal information from the European Union, then you need to worry about the Gosh Darn Privacy Regulation (GDPR). If you think you do not? How sure are you about that?

    11:15 am
    Trials and Tribulations of Identity Access Management
    • session level icon
    Lock it down! Making sure access is granted only to those who need it without losing your mind.
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 102

    Logical security is a key aspect of securing our environments, however it’s also known as the low hanging fruit of issues companies are facing in 2018. This discussion will focus on outlining the various components of a well secured IAM program and where to start and baby steps to lock down your enterprise. We’ll also discuss various industry tools to help automate these processes.

    11:15 am
    Wombat: State of the Phish™ 2018: – What Your Peers Are Doing to Reduce Successful Phishing Attacks
    • session level icon
    speaker photo
    Chief Architect, Wombat Security, a division of Proofpoint
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 110

    Join Wombat Security Technologies’ Vice President of Marketing, Amy Baker, as she discusses key findings from the 2018 State of the Phish™ Report. In this session you will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats. This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period, responses from quarterly survey’s, and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.

    11:15 am
    It’s Not You, Job Searching is Broken!
    • session level icon
    Job seeking and hiring processes are broken, let’s solve this problem; it’s a matter of national security.
    speaker photo
    Founder and CEO, CyberSN and Secure Diversity
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 104

    Cybersecurity professionals know that most recruiters do not speak cybersecurity and it causes passive cyber job seekers to pass over job postings, exacerbating the problem! Job postings do not accurately reflect responsibilities or jobs functions. Our community continues to posts the same five descriptions when there are at least 35 different job categories.

    In this workshop Deidre Diamond (CyberSN Founder and CEO) will share tactics and advice for hiring and job searching in cybersecurity. Job seekers will be empowered to self-market, evaluate recruiters, ace interviews, and successfully negotiate salary and hiring managers will receive expert cybersecurity hiring advice.

    11:15 am
    IOvations/Check Point: Cloudy with a Chance of Breach
    • session level icon
    speaker photo
    Strategic Engineering Manager, Check Point Software Technologies, Inc.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 111

    Lessons learned and takeaways from our 250 most recent incident response cases related to migration to the cloud.

    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 109

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    12:15 pm
    [LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2020
    • session level icon
    speaker photo
    Security Evangelist, North America, Radware
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    A presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2020:

    • What is the attack surface of the public cloud?
    • Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
    • How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
    • What is Next Gen WAF and when should I consider it?
    • What are automated threats and how to protect against the 4th generation bots?
    • Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
    • What will be the impact of 5G on application security and availability?

    Presentation outline
    A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.

    The Top 10 security facts for 2019/2020:

    1. The Attack Surface of the Public Cloud is defined by Permissions
    2. The Insider thread of the Public Cloud is the Outsider
    3. HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
    4. WAF does not keep up with Cloud Native Applications
    5. East-West Traffic is getting Encrypted
    6. Attackers are getting Automated
    7. Attacks are getting more Sophisticated
    8. APIs are the new Front-end
    9. Machine and Deep Learning become essential for Threat Detection
    10. 5G will fuel the next IoT Explosion

    Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in following categories:

    1. Cloud infrastructure abuse
    2. Data breaches through publicly exposed S3 buckets
    3. Ransom of poorly secured cloud data services
    4. Cloud Infrastructure owning and wiping
    5. Cloudification of DDoS attacks
    6. Automated threats

    A quick run through of the top 10 security facts.

    The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:

    1. Migrating to the cloud
    2. Cloud Native Applications
    3. Automated Threats
    4. 5G/IoT Intersection

    Each chapter is summarized with the top security facts that were demonstrated throughout the discussion

     

    1:15 pm
    Panel: Access Control – The End of the Password?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with some many ways at getting our information, the password is going the way of the dodo.  Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 103

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V, maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.

    1:15 pm
    Arbor Networks: Your DDoS Opportunity
    • session level icon
    speaker photo
    Sr. Partner, Consulting Engineer, Arbor Networks
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 104

    The nature of cybersecurity risk is constantly an unknown, or an approximation at best. With the possibility of DDoS as a smoke screen for a more damaging attack, businesses can no longer consider DDoS attacks as isolated or harmless events. DDoS attacks that coincide with network intrusion attempts, false logs, planted malware, and other indicators of compromise are not coincidental or accidental. Instead, businesses must consider a DDoS attack to be a sign of true danger.

    1:15 pm
    Trend Micro: Preparing Your Business for GDPR Compliance
    • session level icon
    speaker photo
    VP, Infrastructure Strategies, Trend Micro
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm
    Location / Room: 102

    The EU General Data Protection Regulation will soon be in effect for all businesses with access to the personal data of EU citizens. Join William Malik as he explores the concept of privacy and how its evolution has been spurred by technological disruptions throughout modern history. Examine key highlights in the journey of GDPR preparation – including assessing organizational risks, tackling high-volume data sources, designing a remediation strategy and leveraging your successes to build your brand and reputation. Special attention must be paid to the implications of GDPR on blockchain deployments, as well.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Parenting in the Digital Age: What’s New, What’s Now, What’s Next?
    • session level icon
    speaker photo
    CEO, KL Greer Consulting, Featured on: CNN, The O'Reilly Factor, Inside Edition, The Huffington Post, TIME Magazine, USA Today and more
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 103

    Studies show that kids ages 8-18 are spending an average of 7.5 hours a day in front of some screen. Today, working with and keeping our youth safe means being constantly aware of what they’re doing online. Discover and learn about the latest trends in social media and digital safety, along with how to facilitate a healthy relationship with technology.

    3:00 pm
    Medical Device Cybersecurity
    • session level icon
    Practical information on the evolving medical device cybersecurity ecosystem
    speaker photo
    Sr. Principal Cybersecurity Engineer, MITRE
    speaker photo
    Sr. Principal Scientist, MITRE
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 102

    The recent escalation of cyber-attacks and the potential for combined cyber and physical attacks means the healthcare industry must better secure itself. We’ll describe “whole of community” approaches to medical device vulnerability management and proactively developing regional plans that integrate cyber into overall emergency preparedness and response.

    3:00 pm
    Terrorism – What the Average Citizen Should Know
    • session level icon
    speaker photo
    CIO & CISO, BTE Partners
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 104

    This presentation will look at understanding terrorist networks and why these individuals are so hard to find.

    3:00 pm
    We Only Have One Job
    • session level icon
    A lighter presentation of the serious issues we encounter every day.
    speaker photo
    CISO, Cyber Guide LLC
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 110

    Everything is so serious about Information/Cyber Security but there are times we just need to Laugh.
    A lighter presentation of the serious issues we encounter everyday.

Exhibitors
  • A10 Networks
    Booth: 144

    A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure.

  • AccessIT Group + Check Point
    Booth: 333

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • ARMA Boston
    Booth: 378

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • ACP – Greater Boston
    Booth: 376

    ACP is a professional organization that provides a forum for the exchange of information and experiences for business continuity leaders. We serve the greater Boston area, including Rhode Island and southern New Hampshire. Meetings are held on the second Wednesday of every month (except July & August). We invite you to attend our next meeting.

  • Alert Logic
    Booth: 450

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Anomali
    Booth: 116

    Anomali delivers earlier detection and identification of adversaries in your organizations network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.

  • Arctic Wolf Networks
    Booth: 396

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit  https://www.arcticwolf.com.

  • HPE Aruba Networking
    Booth: 322

    At Aruba, a Hewlett Packard Enterprise company, we believe the most dynamic customer experiences happen at the Edge—an office, a hospital, a school, or at home. It’s anyplace work gets done and data is generated by users, devices, and things across your network. Our mission is to help customers capitalize on these opportunities by providing secure edge-to-cloud networking solutions. We use AI-based machine learning to deliver simpler, faster, and more automated networks that analyze data to help businesses thrive.

  • ASIS
    Booth:

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • baramundi software USA, Inc.
    Booth: 330

    baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

    The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.

    Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.

  • Barkly
    Booth: 354

    Barkly is advancing endpoint security with the strongest, smartest protection delivered with simplicity. The Barkly Endpoint Protection Platform provides multi-vector attack blocking for exploits, scripts, executables, ransomware, and more, and has visibility into all levels of the system, including the CPU. Barkly is formed by an elite team of security and SaaS experts from IBM, Cisco, and Intel, backed by investors NEA and Sigma Prime, and independently certified for anti-virus replacement, HIPAA, PCI DSS & NIST. Learn more by visiting us at www.barkly.com, or follow us on Twitter @BarklyProtects.

  • Bay Pay Forum
    Booth: TBD

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • Big Switch Networks
    Booth: 360

    Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM , container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.

  • Binary Defense
    Booth: 316

    Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.

  • BitSight
    Booth: 119

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • BOMGAR
    Booth: 510

    Bomgar offers the most secure remote access and support technology on the planet. Each encrypted connection is outbound, so you can connect without VPN or firewall changes. You can leverage Active Directory and LDAPS to manage authentication, require multi-factor authentication, define more than 50 permissions for technicians and privileged users, and capture a detailed audit log of every remote connection.

  • Secure Diversity
    Booth: 432

    Seecure Diversity is an innovative non-profit organization with leaders that think out of the box who have created strategies & solutions in placing qualified women and underrepresented humans into cybersecurity roles. We foster gender diversity, equity, and inclusion in the cybersecurity industry through conferences, networking, mentoring, professional development, and community outreach. One of our primary goals is to raise awareness and increase the number of women and underrepresented humans in the cybersecurity workforce. Founded in 2015 by Deidre Diamond; our mission is the equal representation of women and men in the cybersecurity workforce by engaging and collaborating with organizations and businesses to improve the recruitment and retention of women; utilize marketing and social media platforms to raise awareness of women in cybersecurity careers; remove cybersecurity institutional barriers and innovate new strategies to leverage existing resources.

  • Brinqa
    Booth: 420

    Brinqa is a leading provider of unified risk management – enabling stakeholders, governance organizations, and infrastructure and security teams to effectively manage technology risk at the speed of business. Brinqa software and cloud services leverage an organization’s existing investment in systems, security, and governance programs to identify, measure, manage and monitor risk. With Brinqa, organizations are reducing response time to emerging threats, impact to business, and technology risk and compliance costs by over 50% through real-time risk analytics, automated risk assessments, prioritized remediation, actionable insights and improved communication.

  • Bugcrowd Inc.
    Booth: 452

    By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the  adversaries do.

  • CA Technologies
    Booth: 160

    CA Technologies helps customers succeed in a future where every business— from apparel to energy— is being rewritten by software. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live— from the data center to the mobile device.

    Our business management software and solutions help our customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure. Our goal is to help organizations develop applications and experiences that excite and engage and, in turn, open up money-making opportunities for their businesses.

  • Carbon Black
    Booth: 320

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

     

  • Cayden Security
    Booth: 603

    Cayden Security is a cybersecurity, IT risk management and compliance solutions provider with over 13 years of experience and partnerships. We provide cybersecurity products and consulting, as well as turnkey managed security services for third-party risk. We focus on your cybersecurity, IT risk management and compliance needs, so you can focus on your business.

  • Centrify
    Booth: 380

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • Cloud Security Alliance (CSA)
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • CIOReview
    Booth: TBD

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • CrowdStrike
    Booth: 114

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • CSPi
    Booth: 334

    At CSPi we are committed to helping our customers meet some of computing’s most demanding performance, availability and security challenges.

    Today’s security teams receive a great deal of real-time information and intrusion alerts, generated from their security equipment and tools; yet, the volumes of data make it make it nearly impossible for incident response teams to validate a data breach. With our Myricom nVoy Series solution we offer our customers a new approach to cyber threat identification and investigation – a rapid breach response solution that identifies alerts associated with a specific asset and provides an extraction of the entire set of conversations associated with that breach.This detailed data is crucial in performing timely and accurate analysis needed to comply with data-privacy regulations such as GDPR, PCI DSS, HIPPA, SOX, and 48 different U.S. state laws related to PII.

  • CyberArk Software
    Booth: 324

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • Cybereason
    Booth: 166

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • CyberSaint
    Booth: 119

    CyberSaint Security helps organizations streamline cybersecurity risk and compliance through its automated, intelligent integrated risk management platform. Based in Boston, Massachusetts, our team’s intellectual DNA winds deeply through leading academic, tech and investment communities, the White House, RSA, IBM, EMC, KPMG, MIT, Harvard, and more. With CyberStrong, CISOs’ cybersecurity programs are as actionable and measurable as any other business function, and security and business leaders align to build cybersecurity resilience and boost productivity. Our mission is to empower organizations to manage cybersecurity as a business function through the adoption of powerful technology that enables measurement, enhances communication and improves resiliency.

  • Cylance
    Booth: 146

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 312

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • Delta Risk
    Booth: 130

    Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.

  • Demisto
    Booth: 337

    Demisto is the only Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation into a seamless experience. By using Demisto, security teams can build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.

  • Digital Guardian
    Booth: 381

    Digital Guardian provides the industry’s only threat aware data protection platform that is purpose built to stop data theft from insiders and outside adversaries. The Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, to make it easier to see and block all threats to sensitive information.

  • Digital Shadows
    Booth: 152

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.

  • Duo
    Booth: 150

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endgame
    Booth: 372

    Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.

    To solve these challenges, we can’t apply the same people, processes and technology and expect different results.

    We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.

    That’s what we’re doing everyday at Endgame.

  • enSilo
    Booth: 374

    enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.

  • Envision Technology Advisors
    Booth: 384

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • Exabeam
    Booth: 124

    Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.

  • Extreme Networks
    Booth: 418

    Extreme Networks delivers software-driven networking solutions that help IT departments everywhere deliver the ultimate business outcome: stronger connections with customers, partners and employees. Wired to wireless, desktop to data center, on premise or through the cloud, we go to extreme measures for our customers, delivering 100% insourced call-in technical support.

  • Fidelis Cybersecurity
    Booth: 339

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

    By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

  • FireEye
    Booth: 106

    FireEye (https://www.fireeye.com/) is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,100 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.

  • Forcepoint
    Booth: 118

    Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.

  • ForeScout Technologies, Inc.
    Booth: 162

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • Fortinet
    Booth: 104

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Garland Technology
    Booth: 119

    Garland Technology provides the foundation to network visibility with a range of network TAPs and packet brokers. Our products deliver effective physical layer access for in-line and out-of-band monitoring solutions providing you access and visibility to see every bit, byte, and packetⓇ.Let us design your visibility plane, connecting your network and security tools.

  • Gemalto
    Booth: 148

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • Gemini Data
    Booth: 108

    Gemini provides Continuous Data Analysis. We translate data into knowledge using machine reasoning. With Gemini Enterprise, gain enterprise knowledge and awareness, focus on AI-powered analysis, and simplify management of big data platforms. Designed for modern architectures, Gemini Enterprise reduces complexity in the cloud or on premises. Gemini Data was founded and built by experts from Splunk, ArcSight, and RSA that understand the importance of building awareness across the enterprise. Find more information at geminidata.com or follow us on Twitter @geminidataco.

  • Gigamon
    Booth: 394

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • GreatHorn
    Booth: 356

    GreatHorn is the leading next generation email security platform that protects organizations using Office 365 and G Suite from advanced threats, including targeted phishing attacks, business email compromise, malware and ransomware. Cloud native and built on machine learning and automation, GreatHorn delivers the industry’s most effective email security solution.

  • Global Cyber Alliance
    Booth:

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 118

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA
    Booth: 602

    Investigators on the Leading Edge of Technology

    The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

  • HUB Tech
    Booth: 126

    HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.

    Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.

  • IBM Resilient
    Booth: 182

    In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI, cloud, orchestration and collaboration to help clients improve compliance, stop threats and grow their businesses securely. Our strategy reflects our belief that today’s defenses will not suffice tomorrow. It challenges us to approach our work, support our clients and lead the industry, allowing you to be fearless in the face of cyber uncertainty.

  • Institute of Internal Auditors (IIA)
    Booth:

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • InfraGard Boston
    Booth:

    InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.

  • Integration Partners
    Booth: 406

    We know and understand you have options when choosing the right partner. Networking technology alone isn’t a differentiator, it’s how we do business with you. We’ve curated the best solutions not just to support IT needs, but to support your business strategy. Our culture is one that influences the customer experience. We never stop improving, and so we will never let you fall behind. From this simple and often overlooked practice, we believe the greatest customer relationships come from our mutual and shared strategies. Now just think… WHAT’S POSSIBLE.

  • IntraSystems
    Booth: 408

    IntraSystems is a highly respected IT consulting company, managed services provider, and systems integrator that specializes in the deployment and delivery of IT infrastructure, virtualization services, security, and cloud solutions. IntraSystems has the proven expertise in solving the many technology challenges that companies face today, such as keeping up with the evolving security landscape, migrating to the cloud, and compliance requirements.

  • IntSights
    Booth: 110

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • iovation
    Booth: 310

    iovation protects online businesses and their end users against fraud and abuse, and identifies trustworthy customers through a combination of advanced device identification, shared device reputation, device-based authentication and real-time risk evaluation. More than 3,500 fraud managers representing global retail, financial services, insurance, social network, gaming and other companies leverage iovation’s database of billions of Internet devices and the relationships between them to determine the level of risk associated with online transactions. The company’s device reputation database is the world’s largest, used to protect 15 million transactions and stop an average of 300,000 fraudulent activities every day. The world’s foremost fraud experts share intelligence, cybercrime tips and online fraud prevention techniques in iovation’s Fraud Force Community, an exclusive virtual crime-fighting network.

  • IOvations
    Booth: 376

    IOvations, founded in 2006, is a value added reseller focused on protecting the data, infrastructure and applications of our customers through a combination of services and products that extend to the end point, traditional network and cloud environment.  Some of the things that make us unique include multiple industry awards, a long history of working with clients who appreciate how easy we are to work with, and our strong engineering expertise providing value and thought leadership.

  • iRobot
    Booth: 602

    iRobot, the leading global consumer robot company, designs and builds robots that empower people to do more both inside and outside of the home. iRobot’s products, including the award-winning Roomba® Vacuuming Robot and the Braava® family of mopping robots, have been welcomed into millions of homes around the world and are hard at work every day helping people to get more done.

  • ISACA
    Booth: 392

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2
    Booth: 390

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISSA New England
    Booth: 374

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

    Visit the National Headquarter’s website at www.issa.org.

  • Ixia, a Keysight Business
    Booth: 404

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jask
    Booth: 186

    JASK was founded in 2016 and is headed by industry leaders with decades of experience solving real-world SOC issues.

    With a mission to address the security gaps that restrict security modernization efforts, JASK’s world-class engineering and data science teams apply decades of hands-on experience to drive advancements in autonomous SOC technology.

    Backed by Battery Ventures, Dell Technology Ventures, TenEleven and Vertical Venture Partners, JASK is modernizing SOC operations for companies across the financial services, telecommunications, healthcare and government industries.

  • Jazz Networks
    Booth: 412

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Juniper
    Booth: 128

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • Kaspersky
    Booth: 421

    We’re an independent global cybersecurity company that empowers people to make the most of technology and the endless opportunities it brings. Backed by our deep threat intelligence, security and training expertise, we give businesses the power to stay safe—and the confidence to accelerate their own success. With insights gained from our unique international reach, we secure consumers, governments and more than 270,000 organizations. We’re proud to be the world’s most tested and awarded cybersecurity, and we look forward to keeping your business safe. Bring on the future.

  • Lastline
    Booth: 189

    Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.

  • LastPass
    Booth: 132

    LastPass is an award-winning password manager helping millions organize and protect their online lives, at home and at work. For businesses of all sizes, LastPass provides secure password storage and centralized admin oversight to reduce the risk of data breaches and remove password obstacles for employees. With customizable policies, secure password sharing, and comprehensive user management, LastPass gives IT the tools to strengthen password hygiene across the organization. Founded in 2008, LastPass is a product of LogMeIn (NASDAQ:LOGM).

  • Military Cyber Professionals Association (MCPA)
    Booth: 371

    The Military Cyber Professionals Association is dedicated to developing the American military cyber profession and investing in our nation’s future through STEM education. We are working towards an American military cyber profession that is accomplishing what our nation needs, expects, and deserves. Our goal is to secure cyberspace for military, economic, and private individual pursuits.

  • Menlo Security
    Booth: 142

    The Menlo Security approach delivers 100% safety via isolation — stopping the never-ending search for risky content, while delivering a seamless end-user experience. Deployed in a public or private cloud, the Menlo Security Isolation Platform reduces security complexity and increases scale by eliminating end-point software and out-dated appliances.

  • Mimecast
    Booth: 342

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Booth: TBD
  • Netanium
    Booth: 119

    Netanium is a trusted, Information Security consultant and solution provider, focused on helping organizations to overcome resource constraints & streamline their evolving security programs.
    Netanium works with organizations to streamline the technologies and processes that best fits its current infrastructure, resources, and security strategy. Netanium has over 15 years of experience focused on data management and managing cybersecurity risk.

  • NETSCOUT Arbor
    Booth: 368

    For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • Netskope
    Booth: 122

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • Nexum
    Booth: 508

    Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio, and Wisconsin, as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.

  • Optiv
    Booth: 411

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • PKWARE
    Booth: 603

    PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.

    PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.

  • Proofpoint
    Booth: 350

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Qualys, Inc.
    Booth: 340

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 328

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Rapid7
    Booth: 332

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Red River
    Booth: 314

    Red River’s Security Practice has nearly 20 years of experience helping federal and enterprise customers strengthen their security stance with strategically-integrated data- and network-centric physical and cyber security solutions designed to protect critical assets, enable situational awareness and simplify security management. We not only hold the coveted Cisco Master Security Specialization, but our highly-certified experts use a balanced approach that blends leading-edge technology, systems, policies and proven processes to deliver secure, effective solutions that offer complete protection and long-term value to our customers.

  • Recorded Future
    Booth: 186

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • Resolve Systems
    Booth: 507

    Resolve Systems was founded by individuals with extensive experience in working with IT Operations, Security Operations, Network Operations and Customer Care. We are convinced that these teams need a more holistic and systematic approach for applying automation in a broad way to all incident resolution procedures.

    What makes us different is our ability to enable the automation of select steps in any engineer-driven resolution procedure, as well as embed specific content into any procedure on a step-by-step basis. The Resolve Software also includes real-time incident resolution collaboration, the ability to capture a record of every resolution, and a complete workflow for continuous procedure improvement.

  • Rook
    Booth: 452

    Rook Security provides 24/7 Managed Detection and Response to prevent incidents from impacting business operations. We unite the brightest minds in digital defense with the most advanced, rapid-to-deploy technology to protect your organization. As a managed service, there is no need to worry about configuring, monitoring, or managing technology – our team does the hard part for you.

  • RSA a Dell Technologies Company
    Booth: 156

    RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions.  With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.

  • SailPoint
    Booth: 102

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SecurityScorecard
    Booth: 158

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Securonix
    Booth: 502

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SentinelOne
    Booth: 338

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • SIM Boston
    Booth: 386

    At the Boston Chapter of SIM, we provide leading information technology executives, consultants, and academics with a place to share ideas. Our collaborative community shares best practices, trends and lessons learned for you: the person that is responsible for shaping and influencing the future of IT and IT management.

    Our goal is to provide you with access to a robust community of the area’s top IT leaders so you can exchange ideas, share best practices, and stimulate your mind. As a senior-level IT profession providing both strategic and tactical direction to your division on a daily basis, you need someplace to turn for advice, answers, and guidance, too.

  • Skybox Security
    Booth: 140

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Splunk
    Booth: 112

    Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.

  • SSH Communications Security
    Booth: 410

    As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com

  • Sumo Logic
    Booth: 352

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Symantec
    Booth: 154

    Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.

  • TBG Security
    Booth: 422

    TBG Security is your trusted advisor when it comes to cybersecurity. We have been providing risk management solutions since 2003 to ensure your business is minimizing uncertainty in an increasingly hostile information environment. Whatever the IT security goal, TBG Security’s Information Security Advisors work with you to determine your requirements and tailor a straightforward plan of action to improve your organizations overall security posture. Our continuous commitment to new technologies and decades of threat avoidance experience make us the first choice of Fortunre 1000 companies for cybersecurity consulting services.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 358

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Thales
    Booth: 164

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • ThreatConnect
    Booth: 501

    Designed by analysts but built for the team, ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. To learn more about our TIP and SOAR solutions, visit www.ThreatConnect.com.

  • Trend Micro
    Booth: 382

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • TrustedSec
    Booth: 316

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

     

  • Tufin
    Booth: 360

    As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

  • University of Massachusetts
    Booth: 120

    The University of Massachusetts System Office (UMSO), which includes the Office of the President and Central Administrative Services, provides overall leadership to the University, coordinates with the campuses on various academic and financial initiatives, and provides shared services in the areas of information technology, treasury, and procurement, among others.

    The System Office represents the University in various ways (including but not limited to) with the Governor, Legislature, executive branch agencies, the federal government and professional organizations. It also coordinates academic affairs across the campuses and management and fiscal affairs including efficiency and effectiveness efforts, budgeting and forecasting, capital planning, information systems, legal matters, and human resources management. Overall planning, policy development and initiation of University-wide programs are carried out through the System Office by several departments that report to the President and his Vice Presidents and that are located in both Boston and Shrewsbury.

  • Varonis
    Booth: 128

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • WatchGuard
    Booth: 402

    WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.

  • WhiteSource
    Booth: 344

    WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast, and many more. For more information, please visit www.WhiteSourceSoftware.com.

  • Wombat Security Technologies
    Booth: 378

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, over 80%.

  • Zensar
    Booth: 405

    Zensar is a leading digital solutions and technology services company that specializes in partnering with global organizations across industries on their Digital Transformation journey. Zensar empowers customers to develop strategies to adhere to comprehensive security frameworks while implementing security solutions to meet industry practices and compliance requirements.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Brian Shield
    CIO, Boston Red Sox

    Brian is responsible for the strategic direction of technology and day-to-day IT operations in support of the Boston Red Sox, their fans, and Fenway Sports Management.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    David Dumas
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow, is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • speaker photo
    Joan Antokol
    Partner, Park Legal LLC

    Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.

  • speaker photo
    Tom Stumpek
    CISO, Lahey Health

    Tom Stumpek currently serves as the CISO at Lahey Health. Prior to Lahey Tom spent over 20 years with the General Electric Company in various IT C-level positions (CISO, CTO, CIO) in the financial services, insurance, manufacturing and corporate sectors. Recently Tom has presented at several executive IT events on technology strategy, enterprise risk, innovation and leading a culture of change.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Chris DeMale, CFA
    Strategic Account Executive, ISACA

    Chris DeMale, CFA is a Strategic Account Executive for ISACA, where he serves enterprises across the globe on ISACA’s full suite of assessment, training, and cybersecurity products, and as a dedicated technical resource with expertise in the financial services sector. Before joining ISACA, Mr. DeMale served as Senior Vice President at Bluerock Capital Markets, and as a top-performing Regional Director at Morningstar, Inc., consulting on practice management, software, and investment decision-making. He has been recognized for helping hundreds of clients expand and enhance their firms. Mr. DeMale is a CFA Charterholder and a member of the CFA Society of Chicago. He holds degrees in Economics and English from Vanderbilt University and an MBA with Distinction from DePaul University. When not traveling or collaborating on ISACA business, he enjoys a variety of activities with his wife and four daughters, including gardening, biking, and chasing around a baby.

  • speaker photo
    Scott Margolis
    CISO, Massachusetts Bay Transportation Authority (MBTA)

    Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.

  • speaker photo
    Jonathan Lange
    Executive Manager, baramundi software USA, Inc.

    Jonathan Lange is sales manager for baramundi software USA, Inc. in the US market. Having advised customers in various countries from small businesses to global enterprises, he is well aware of the challenges IT departments face today in order to keep their infrastructure up-to-date, safe and efficient.

  • speaker photo
    Matthew Gardiner
    Principal Security Strategist, Mimecast

    Matthew Gardiner is a Director of Security at Mimecast and is currently focused on email & web security, phishing, awareness training, malware, and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.

  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Stephen Jones
    Vice President Managed Services, GuidePoint Security

    Stephen is the Vice President of Managed Services at GuidePoint Security and began his career in Information Security, Information Technology Management, Vulnerability Management, and Security Operations Center (SOC) operations. Before joining GuidePoint Security, Stephen worked for ManTech International at a large federal agency managing SOC operations. Stephen’s experience includes the teardown and rebuild of an Intelligence Community SOC to include staffing, process development, documentation, operations management, and inter-organizational coordination. He has managed Enterprise Vulnerability Management to include scanning, vulnerability prioritization, and reporting for an enterprise of over 100,000 assets. Stephen has a B.S. in Information Security from George Mason University.

  • speaker photo
    James Lam
    Director, E*Trade Financial

    James Lam is the president of James Lam & Associates and a director of E*TRADE Financial, where he chairs the risk oversight committee. He previously served as president of ERisk, partner of Oliver Wyman, chief risk officer of Fidelity Investments, and chief risk officer of GE Capital Markets Services. Lam was named to the NACD Directorship 100, Directors & Boards “Directors to Watch,” Treasury & Risk “100 Most Influential People in Finance,” and GARP “Risk Manager of the Year.” He is a best-selling author of three Wiley books. Lam is certified by the Software Engineering Institute of Carnegie Mellon in Cybersecurity Oversight.

  • speaker photo
    Carlos Morales
    Vice President, ASERT and Global Pre-Sales, Arbor Networks

    Carlos is responsible for Arbor’s Security Engineering & Response Team as well as the global pre-sales organization. ASERT is one of the industry’s most respected research organizations, responsible forproviding tactical and strategic threat intelligence to Arbor’s customer base and for curating ATLAS, Arbor’s global threat intelligence infrastructure. ASERT uses this unique network insight to analyze botnets, malware and DDoS threats on a global basis, developing protections that are fed directly into Arbor’s products through the ATLAS Intelligence Feed. Additionally, he will retain responsibility for field operations and implementation of our security and network visibility solutions. He brings more than two decades of experience in deploying security, networking and access solutions for service provider and enterprise networks. Before joining us in 2004, Carlos held management positions at Nortel Networks and Tiburon Networks, where he served as director of sales engineering. He also held salesengineering roles at Shiva Corporation, Crescent Networks and Hayes Microcomputer.

  • speaker photo
    Katie Stebbins
    Vice President for Economic Development, University of Massachusetts President's Office

    Katie Stebbins is the Vice President for Economic Development at the University of Massachusetts. She serves as a liaison to the business community, establishing and growing research and workforce development partnerships to benefit the university and the Commonwealth of Massachusetts. Representing UMass, the state’s second-largest employer and an institution responsible for $6.2 billion in annual economic impact, Katie is focused on business collaboration and increasing the state’s competitiveness in key sectors, including cyber security. Katie was previously Assistant Secretary for Technology, Innovation and Entrepreneurship for Massachusetts, where she led state investment efforts in robotics, advanced manufacturing and cyber security.

  • speaker photo
    Nicholas Davis
    Technical Product Manager, Rapid7

    Nick Davis began his career at Rapid7 in 2013 as a Software Engineer building InsightIDR. In this role, he was focused on building key detections and establishing scalability across the platform to keep up with a growing user base. Now, as the Technical Product Manager for InsightIDR, Nick works closely with engineering, SOC Analysts, and customers. He has a B.S. in Computer Engineering from Tufts University, where he led the Tufts IEEE chapter and contributed to Metasploit. He has published papers on facial recognition systems and hazardous environment detection using UAV systems. When he's not at work, you can find him reading up on large scale distributed systems, taking pictures, or skiing.

  • speaker photo
    Moderator: Mark Aiello
    Board Member, (ISC)2 Eastern Massachusetts; President, CyberSN

    Having more than 30 years of IT and cybersecurity consulting/staffing experience, Mark joined Signature Consultants, one of the largest IT Staffing Firms in the U.S., to lead, build and cultivate the cybersecurity talent and workforce throughout the organization’s 26 locations, serving 100s of clients throughout North America. Former President of Cyber 360, a leader in cybersecurity staffing, he harnesses his expertise in the cybersecurity/information security labor market to deploy and support a vast network of cybersecurity professionals. His passion and purpose are keeping companies safe by providing cybersecurity consultants and employees.

  • speaker photo
    Vani Murthy
    Risk Consultant, Cloud Security Alliance working groups contributor

    Vani Murthy (CISSP, CRISC, PMP and ITIL) is a Risk Consultant with over 17 years of experience in IT. Vani holds a MS and an MBA. She also contributes to the Cloud Security Alliance working groups.

  • speaker photo
    Esmond Kane
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • speaker photo
    Amirali Sanatinia
    PhD Candidate / Research Assistant, Northeastern University

    Amirali Sanatinia is a Computer Science PhD candidate at Northeastern and holds a Bachelors degree in Computer Science from St. Andrews University. His research focuses on security and privacy, and has been covered by publications such as MIT Technology Review, Ars Technica, and Threatpost. He is a recipient of RSAC Security Scholar and the CCIS Outstanding Research Award. He has presented at different security conferences such as DEF CON, Crypto Village, Virus Bulletin, BSides Boston, and PyCon.

  • speaker photo
    Scott Margolis
    CISO, Massachusetts Bay Transportation Authority (MBTA)

    Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.

  • speaker photo
    Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Joanne Kossuth
    CIO, Mitchell College

    Currently Joanne acts as the Chief Information Officer for Mitchell College with responsibility for academic, administrative, and enterprise computing and library information services. Joanne also serves as principal in her consulting services company, 1MountainRoad, which specializes in strategic business process re-engineering; aspirant and leadership development; human capital management and team building; and collaboration and services implementations. 1MountainRoad has specific experience in higher education in executing change management.

    As Olin College's Vice President for Operations and CIO, Ms. Kossuth had primary responsibility for the operational and technology areas of the college. These included: conference services, dining services, EH&S, facilities, human resources, information technology, planning and project management, public safety. In addition to her operations duties, she was responsible for building relationships with neighboring institutions, including Babson, Brandeis, and Wellesley Colleges.

    Ms. Kossuth founded and convened the External Technology Advisory Board and the Olin Innovation Lab. Her IT leadership led to her being named one of Computerworld's Premiere 100 CIOs in 2005. She received the EDUCAUSE Community Leadership Award, 2014. Joanne's previous experience includes positions at Fisher College, Wheelock College and the Boston University School of Management. Her publications include: "Attracting Women to Technical Professions," and "Building Relationships Means Better IT Contracts," “The Converged Workplace” and Chapter 32 or “Olin College: Academic and Olin Centers” in the EDUCAUSE E-Book “Learning Spaces.” Ms. Kossuth continues to provide service and leadership to EDUCAUSE and CLIR as the Dean of the Leading Change Institute and to NERCOMP as the co-founder and facilitator of the EDUCAUSE NERCOMP IT Manager Workshop Series. She was selected as a member of Juniper Network's Higher Education Advisory Board, and Plantronics Unified Communications Advisory Board.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Happy Hour
  • speaker photo
    Deidre Diamond
    Founder and CEO, CyberSN and Secure Diversity

    Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.

  • speaker photo
    Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Ben Levitan
    CEO, Cedalion Partners

    Ben Levitan serves as CEO of Cedalion Partners, a Management Advisory firm to Investors, Boards, and CEOs. Ben serves as Board Director of OGSystems, a GEOINT solutions company, and Bricata, a cybersecurity company. Ben has more than 25 years of leadership experience, having served as CEO or COO of five companies—in venture, growth equity, and public stages. Ben served as Venture Partner at IQT, the strategic investment arm of the CIA and U.S. Intelligence Community, and made investments in cybersecurity, including Veracode (acquired by CA) and Corestreet (acquired by Assa Abloy). He attended London School of Economics and earned his BA from Union College. Ben is an avid motorcycle rider and bicyclist and is married with three children.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Deidre Diamond
    Founder and CEO, CyberSN and Secure Diversity

    Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.

  • speaker photo
    Sandy Bacik
    Director, Audit and Compliance, CipherTechs, Inc.

    Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, is CipherTechs’ Director Audit & Compliance, has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management and is a former CISO. With an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.

  • speaker photo
    Ravi Thatavarthy
    VP & CISO, BJ's Wholesale Club

    Ravi Thatavarthy brings 20+ years of experience in Information Security to his role with a strong background in Security Architecture and building Security programs from ground up. His approach to Information Security is unique and well-balanced with a focus on ‘Business Value’ and ‘User Delight’. He recently appeared in ‘Profiles in Confidence’ as a Security leader running confident Security program. He spoke and served as a panelist in multiple conferences. Before joining BJ's, he was the Head of Information Security at iRobot, and previously led the Security, Policy & Compliance programs at Haemonetics where he worked as Director of Global Security & Policy.

  • speaker photo
    Frank Duff
    Cybersecurity Engineer, MITRE

    Frank Duff is a principal cyber operations engineer at MITRE. His work has focused in endpoint security and cyber deception. He is the current principle investigator of the Leveraging External Transformational Solutions research and development effort that seeks to assist the integration of innovative commercial cybersecurity solutions into our sponsor base.

  • speaker photo
    Jordan Fischer, Instructor
    Founding Partner & Owner, Fischer Law, LLC

    Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.

    Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.

    With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.

    Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.

    In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.

    Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.

    Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.

    HONORS & RECOGNITIONS
    Lawyer on the Fast Track, The Legal Intelligencer (2023)
    Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
    Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
    ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
    SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
    Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
    Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
    European Union ERASMUS Grant Recipient, 2020

    ASSOCIATIONS & MEMBERSHIPS
    American Bar Association, Business Law Fellow, 2020-2022
    American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
    Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
    California Bar Association
    New Jersey Bar Association
    Forbes Business Council Member, 2022
    International Association of Privacy Professionals (IAPP), Member
    University of California, Berkeley, Cybersecurity Lecturer
    former Thomas R. Kline School of Law, Drexel University, Law Professor
    former Chestnut Hill College, Adjunct Professor
    West Chester Friends School, Board Member
    Appointed Fulbright Specialist in Cybersecurity and Data Privacy

    CERTIFICATIONS
    Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)

  • speaker photo
    Dr. Larry Ponemon
    Chairman and Founder, Ponemon Institute

    Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.

    Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

    Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also an appointed to two California State task forces on privacy and data security laws.

    Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

  • speaker photo
    Javed Ikbal
    CISO & VP, Information Security & Risk Management, Bright Horizons

    Javed Ikbal is the CISO at Bright Horizons. Prior to that, he held CISO positions at Upromise Rewards, GTECH, and Omgeo, and brings 20 years of information security experience in financial services, gaming, and scientific research sectors. He specializes in building or re-engineering information security programs, regulatory compliance, application security, and aligning IT and information security programs to business goals. He is the co-author of "The Laidoff Ninja" and is currently working on his next book: "Clicking Up: Building a Great Information Security Program".

  • speaker photo
    Kurt Wescoe
    Chief Architect, Wombat Security, a division of Proofpoint

    As Chief Architect at Wombat Security, Kurt is responsible for ensuring Wombat's software and systems are built on a sound foundation. He brings over 10 years of experience in engineering, across multiple industries. He also serves as a faculty member in the School of Computer Science’s master’s program in e-Business at Carnegie Mellon University. Kurt earned his M.Sc. in E-Commerce from CMU, and a B.S. in Computer Engineering from the University of Pittsburgh.

  • speaker photo
    Deidre Diamond
    Founder and CEO, CyberSN and Secure Diversity

    Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.

  • speaker photo
    Nuno Sousa
    Strategic Engineering Manager, Check Point Software Technologies, Inc.

    Nuno is the Check Point Strategic Engineering Manager in the Northeast. 10+ years of experience in the cybersecurity industry. He has held various positions in the vendor, system integrator and private sector including Security Engineer, Security Architect, Security Consultant and now managing Check Point SE’s responsible for Check Point’s largest customers in the NorthEast.

  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Jim Benanti
    Sr. Partner, Consulting Engineer, Arbor Networks

    Jim comes to Arbor with over 20 years in the security field as a Pre-Sales Engineer, Sales Representative, Competitive Analyst, and Solutions Consultant. He has been with Arbor for the past six years, where he currently is a Sr. Partner Consulting Engineer.
    Jim received his Bachelor’s degree from Clarion University of Pennsylvania and has also earned a Master’s degree from Robert Morris University. He also maintains his CISSP and ITIL certifications. Jim currently resides in the Pittsburgh area with his wife Mary and two daughters, Sarah and Maria.

  • speaker photo
    William J. Malik, CISA
    VP, Infrastructure Strategies, Trend Micro

    William Malik helps clients structure their IT environments to minimize the loss, alternation, or inadvertent exposure of sensitive information. His information technology career spans over four decades. Prior to Trend Micro, he worked at Gartner for twelve years where he led the information security strategies service and the application integration and middleware strategies service. Before Gartner, William was CTO of Waveset, an identity management vendor. He also co-authored the Cobit version 3 standard. In addition, he spent 12 years at IBM, where he worked in MVS development, testing, and business planning. William is a Certified Information Systems Auditor (CISA).

  • speaker photo
    Katie Greer
    CEO, KL Greer Consulting, Featured on: CNN, The O'Reilly Factor, Inside Edition, The Huffington Post, TIME Magazine, USA Today and more

    Previously of the Massachusetts Attorney General's Office and MA State Police, Katie Greer travels the country presenting to hundreds of thousands of law enforcement, communities, school staff/administration and students on the trends, safety and best digital safety/social media practices. Katie serves as a media industry expert, and has been featured on CNN, The O'Reilly Factor, The Meredith Vieira Show, Inside Edition, and in media such as The Huffington Post, TIME Magazine, The Boston Globe, USA Today, Proctor & Gamble, Parents Magazine, and more.

  • speaker photo
    Margie Zuk
    Sr. Principal Cybersecurity Engineer, MITRE

    Margie Zuk is in the Cybersecurity Solutions and Information Technology Technical Centers at The MITRE Corporation. She leads MITRE’s support to FDA on medical device cybersecurity and preparedness and response and is developing a Common Vulnerability Scoring System rubric tailored to medical devices. Margie has a Bachelor of Arts in Mathematics from the College of Mt. St. Vincent, and a Master of Science in Computer Science from Stevens Institute of Technology.

  • speaker photo
    Penny Chase
    Sr. Principal Scientist, MITRE

    Penny Chase is in the Cybersecurity Solutions and Information Technology Technical Centers at The MITRE Corporation. She leads MITRE’s support to FDA on medical device cybersecurity and preparedness and response, and is developing a Common Vulnerability Scoring System rubric tailored to medical devices.

  • speaker photo
    Sue Bergamo
    CIO & CISO, BTE Partners

    A global CIO & CISO, Sue brings broad technology and operational experience to help companies secure and grow through innovation, and optimization in cloud, on-prem environments and acquisition. She’s held strategic positions at Microsoft, ActiveCampaign, Precisely, Episerver, Aramark, and CVS Pharmacy. Sue is the author of "So, You Want to be a CISO?" and is a sought-after speaker, investor, executive advisor and a multiple industry award winner in cybersecurity.

  • speaker photo
    Thomas Hart
    CISO, Cyber Guide LLC

    Thomas F Hart - Tom has been in the IT field since 1978(EDP), starting as a programmer trainee (Assembler and COBOL). First computer worked on was an IBM360 system (PCs were a long way off). He has been a Programmer, Systems Analyst, Operating Systems Programmer, Network Systems Programmer, DR / BCS Specialist, IT Auditor, GRC, Sr. Security Analyst, Contractor/Consultant, Security Conference Panelist- Moderator-Organizer-Speaker. Tom has been involved in the InfoSec community via ISC2, ISACA, SANS, HOPE, BSides, Secure World and others. He has worked in the Banking, Defense, Utilities, Gov. and Health Care industries in his career. Most recently he has founded Cyber Guide LLC consulting firm.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes