- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, March 14, 20187:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 3:00 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)Registration Level:- VIP / Exclusive
8:00 am - 9:15 amLocation / Room: 109Moderated discussion for SecureWorld Advisory Council members. By invite only.
8:00 amSecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital TransformationEarn 16 CPEs With This in-Depth 3-Part CourseDirector, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members AllianceRegistration Level:- SecureWorld Plus
8:00 am - 9:30 amLocation / Room: 107This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. IoT, Providers, Tools, and processes to help avoid a rainy day.
8:00 amSecureWorld PLUS Part 1 - Security’s New Know: Strategic Skills for the Digital AgeEarn 16 CPEs With This in-Depth 3-Part CourseFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast CompanyCIO, Boston Red SoxRegistration Level:- SecureWorld Plus
8:00 am - 9:30 amLocation / Room: 108Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.
8:00 am[SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity FrameworkEarn 16 CPEs With This in-Depth 3-Part CourseSr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
8:00 am - 9:30 amLocation / Room: 105The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:30 amWhat Really Works With Cyber Tabletop ExercisesSr. Principal, Security Risk Management, VerizonRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: 102A good Cyber Tabletop Program can consist of seminars/workshops, tabletop exercises, drills, multi-team functional exercises, a cyber range, and training. Come to this presentation to learn what really works from 12 years of experience designing and running cyber exercises. Bring your questions and your experiences to share with the audience too.
8:30 amSecurity Breach Notification and Enforcement: A Challenging Landscape Becomes Even More ChallengingPartner, Park Legal LLCRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: 111As of May 25, 2018, as part of the EU General Data Protection Regulation (GDPR), all EU member states will require breach notification to the relevant supervisory authority (or authorities) within 72 hours. At the same time, the US breach notification laws are being updated to require notification in additional situations, and many new countries around the world are adopting notification laws. Given the short time frames for notification, the varying requirements for notifying individuals as well as a whole host of regulators, the likelihood of adverse media attention, and the potential for lawsuits, well-meaning organizations sometimes create additional risks for themselves when a breach occurs, based upon their lack of preparation, knowledge and training in this area. This presentation will discuss the GDPR breach notification requirements including the expectations of the European Commission and member states, as well as the growing assortment of other notification obligations across the US and world, and will include tips and recommendations for minimizing your organization’s risk.
8:30 amVendor Risk Management – Understanding and Managing 3rd Party Cyber RiskCISO, Lahey HealthRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: 104Now more than ever an effective Vendor Risk Management (VRM) Program should be a pillar of any Enterprise Risk Management strategy. The Cybersecurity risks that are inherent to your organization multiply exponentially whenever you introduce external vendors. In this session learn how to effectively audit, measure and continuously monitor your 3rd parties.
9:00 amExhibitor Hall openRegistration Level:- Open Sessions
9:00 am - 3:00 pmLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 amOpening Keynote: Risk & Security’s Bright Future: Mapping the Road AheadFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast CompanyRegistration Level:- Open Sessions
9:30 am - 10:15 amLocation / Room: Keynote TheaterThere has never been a better time to be a risk/security professional. Disruptive technologies fundamentally expand the “Art of the Possible;” reshape the solution provider ecosystem [with a new hierarchy of winners & losers]; and discombobulate expectations of how and by whom risk and security should be managed/led.
In an entertaining and highly interactive session, Thornton May will share with attendees how leading Risk/Security Cartographers chart the future. Like the movers and shakers of the Renaissance, we stand on the shores of a new world –a Mundus Novus as Americo Vespucci labeled it in 1502.
10:15 amISACA Chapter Meeting Presenting: Adding Technical Cyber Skills To Your Governance and Audit TeamsOpen to All AttendeesStrategic Account Executive, ISACARegistration Level:- Open Sessions
10:15 am - 11:15 amLocation / Room: 101Interested in your local associations? Join ISACA for a social meet & greet and chapter news.
Chris DeMale, CFA, Executive with ISACA International, will be making a special visit to Ireland for a presentation on the latest technology and thought leadership regarding the CMMI Institute, COBIT 5, and Cybersecurity Platforms. Chris will be demonstrating the CMMI Cybermaturity Platform, offering us an exclusive, pre-release look at a cloud-based tool developed in conjunction with the input of hundreds of top cyber and audit teams around the globe. The tool provides over 3100 objectively-developed practice areas, which can be customized to the needs of your enterprise, and evaluates on a continuous basis compliance with the stated objectives to produce board-ready reports.
Next Chris will discuss COBIT 5 and our strategies for successful implementation and evaluation from examples around the globe. Finally Chris will provide a demonstration of the CSX Cybersecurity Nexus Platform, a hands-on, cloud-based, performance-based, beginner-to-expert level tool for providing skills and assessment to your audit and cyber teams.
10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
10:15 am - 11:15 amLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 amAdvisory Council Roundtable: (VIP / Invite Only)CISO, Massachusetts Bay Transportation Authority (MBTA)Registration Level:- VIP / Exclusive
11:00 am - 12:00 pmLocation / Room: 109This session is for the Boston Advisory Council / VIP only.
11:15 ambaramundi — Innovative Endpoint Management: A Holistic Approach to Vulnerability Management, Patching, OS Upgrades, and Software DistributionExecutive Manager, baramundi software USA, Inc.Registration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 111Windows Fall Anniversary Update, Office 365 Migration, Vulnerability and Patch Management: Are any of these three topics causing your blood pressure to rise? This session will show you how you can automate OS migrations, software deployment projects, and effective security exploit management all from one easy to use Endpoint Management Suite. No university degree or nerd glasses required—buckle up! 11:15 amMimecast: Top 10 Ways to Improve Your Email SecurityPrincipal Security Strategist, MimecastRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 110It is no secret that email-borne attacks by all types of malicious actors continue to be the preferred method to get in, around, and get data out of organizations. While there is no one technology or security control that can be applied to close this security gap, there are many things – at least 10! – that organizations can do to dramatically lower the risk of an email enabled data breach or security incident. In this session, I will go through what I consider to be the top 10 controls organizations can apply, while providing examples of how these controls work to stop certain types of email-borne attacks.
11:15 am[Radware] Cybersecurity Pushed to the LimitSecurity Evangelist, North America, RadwareRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 104Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for11:15 amThe Path to Strategic Application SecurityVice President Managed Services, GuidePoint SecurityRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 101Application Security is a critical function of any business that develops any of their own software. As we’ve seen in recent reports and studies, attacks against applications are a significant risk and are on the rise. Having a Strategic Application Security program as part of any business’s overall security program is becoming more and more important. We will discuss, how organizations are similar but have different Application Security needs, Application Security trends, Strategic Application Security and what it entails, and Application Security challenges we face. Attendees will leave with an understanding of Strategic Application Security and the steps an organization can take to begin to strategize and implement an Application Security program of their own.
11:15 amView From the Top: The Board’s Role in Cybersecurity OversightDirector, E*Trade FinancialRegistration Level:- Conference Pass
11:15 am - 12:00 pmIn recent board surveys, cybersecurity has been identified as one of the top concerns for corporate directors. From the vantage point of a public company director and risk committee chair, this presentation will discuss the role of the board in cybersecurity oversight, including:
Board expectations and industry standards
Integration with enterprise risk management
Quantification of cyber risk
Board-level cyber risk reporting and decision-making12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)Registration Level:- VIP / Exclusive
12:00 pm - 1:00 pmLocation / Room: 109This session is for the Boston Advisory Council / VIP only.
Lunch will be served.12:15 pmLUNCH KEYNOTE: Arbor Networks: Advanced DDoS – Complex, Targeted, EffectiveVice President, ASERT and Global Pre-Sales, Arbor NetworksRegistration Level:- Open Sessions
12:15 pm - 1:00 pmLocation / Room: Keynote Theater1:15 pmPanel: Building a Better Mouse Trap (Emerging Threats)Registration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterTo be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
1:15 pmPanel: You’ve Got Burned! Now What? (Incident Response)Registration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: 103We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
1:15 pmMassachusetts Cyber Education and Talent EcosystemVice President for Economic Development, University of Massachusetts President's OfficeRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: 104The University of Massachusetts, the Advanced Cyber Security Center, and industry partners in several technology sectors, has launched the Cyber Security Education Training Consortium. This nationally unique Consortium invites the participation of over 40 cyber security training and degree granting programs in the Commonwealth of Massachusetts to collectively address the high demand for talent in the rapidly growing field of cyber security. The goal of the Consortium is to leverage a network of higher education institutions and local security leaders to ensure we are producing top talent at scale and to make security careers more attractive and accessible in Massachusetts.
1:15 pmRapid7: Practical Strategies for Taking on the Modern AdversaryTechnical Product Manager, Rapid7Registration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: 102An attacker’s ability to go from vulnerability to exploit is faster than ever. Is your team ready to respond to an incident quickly and efficiently? In this session, we’ll go over methods and tactics for keeping your security program evolving as fast as your adversaries. From attacker behavior analysis to automation and orchestration, we’ll dive into today’s best practices.
2:15 pm(ISC)2 Chapter Meeting and PresentationDiscover Your Local Associations - Open to All AttendeesBoard Member, (ISC)2 Eastern Massachusetts; President, CyberSNRegistration Level:- Open Sessions
2:15 pm - 3:15 pmLocation / Room: 101Interested in your local associations? Join (ISC)2 for a social meet & greet and chapter news.
2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
2:15 pm - 3:00 pmLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
3:00 pmBeing Risk Aware in Cloud AdoptionRisk Consultant, Cloud Security Alliance working groups contributorRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 102In spite of the benefits to be realized in Cloud, organizations are uneasy about the risks. It is important for organizations to be risk-aware since the impact could easily pass on to the existing /future clients. How can organizations exploit the risk in order to successfully adopt cloud?
3:00 pmAutomate Security or DieSurvival of the FittestCISO, Steward Health CareRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 104Cyber-criminals have industrialized their operations, these highly organized professionals seek to shut your business down mere minutes after exploitation and demand ransoms optimized to your industry and size. Join Esmond Kane as he discusses the necessity to build an agile and adaptive next-generation Security Operations Center to disrupt these ruthless entrepreneurs and to leverage three key emerging technologies: workload optimization, mature threat intelligence and management, and infrastructure integration and orchestration.
3:00 pmCommon Crypto PitfallsDoing crypto right is easier than you might think.PhD Candidate / Research Assistant, Northeastern UniversityRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 110Today we use cryptography in almost everywhere. From surfing the web over https, to working remotely over ssh. In modern crypto we have all the building block to develop secure application. However, we see instances of insecure code everywhere. Most of these vulnerabilities are not because of theoretic shortcomings, but due to bad implementation or a flawed protocol design. Cryptography is a delicate art where nuances matter, and failure to comprehend the subtleties of these building blocks leads to critical vulnerabilities. To add insult to injury most of the resources available are either outdated or wrong, and inarguably, using bad crypto more dangerous than not using it. In this talk we look at examples from real world applications and the most common cryptographic pitfalls.
3:00 pmSecurity & Privacy Considerations for System Decommissioning & Hosting MigrationCISO, Massachusetts Bay Transportation Authority (MBTA)Registration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 111With the continued growth and trust in cloud-based infrastructure and software services, many organizations are looking to retire on-premise solutions or migrate them to the cloud. Scott will present the security and privacy oversight, planning, and monitoring required for any system decommissioning or hosting migration effort involving regulated data with a focus on data retention, system sanitization, cloud migration, continuous monitoring, regulatory compliance and leadership accountability practices.
3:00 pmPanel: Shifting Landscape of Attack VectorsRegistration Level:- Open Sessions
3:00 pm - 3:45 pmLocation / Room: 103If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
3:00 pmSecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital TransformationSecureWorld PLUS Registrants ONLYDirector, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members AllianceRegistration Level:- SecureWorld Plus
3:00 pm - 4:30 pmLocation / Room: 107This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. IoT, Providers, Tools, and processes to help avoid a rainy day.
3:00 pmSecureWorld PLUS Part 2 - Security’s New Know: Strategic Skills for the Digital AgeSecureWorld PLUS Registrants ONLYFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast CompanyCIO, Mitchell CollegeRegistration Level:- SecureWorld Plus
3:00 pm - 4:30 pmLocation / Room: 108Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.
3:00 pm[SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity FrameworkSecureWorld PLUS Registrants ONLYSr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
3:00 pm - 4:30 pmLocation / Room: 105The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
4:00 pmHappy Hour ReceptionJoin GuidePoint and Partners for post SecureWorld social hour.Registration Level:- Open Sessions
4:00 pm - 7:00 pmLocation / Room: Kings Dining & EntertainmentJoin GuidePoint and Partners for a social hour after Day 1 of SecureWorld. Come discuss the day’s events, network with security peers, and enjoy beverages, hors d’oeuvres, entertainment, and prizes.
Register NowKings Dining & Entertainment
50 Dalton St, Boston, MA 02115
4-7 p.m.Compliments of GuidePoint Security and PAvilion Partners: Agari, Bitglass, Crowdstrike, Exabeam, Expanse, Forescout, Gemalto, Insights, Okta, OneLogin, SentinelOne, Signal Sciences, Splunk, Symantec, Tenable, Varonis, Cybereason, Venafi, Cylance, Digital Shadows, Kenna, Gigamon, Virtisec, Security Scorecard, PKware, Checkmarx, Skybox, Guardicore, Netskope, Thales, Demisto, Imperva, Spirion
6:00 pmHappy Hour ReceptionJoin Brainbabe and your fellow security professionals for beverages and appetizers, and support the desexualization of conferences while bridging the cybersecurity talent gap.Founder and CEO, CyberSN and Secure DiversityRegistration Level:- Open Sessions
6:00 pm - 9:00 pmLocation / Room: Foley & Lardner LLP 111 Huntington Avenue #Suite 2500 Boston, MA 02199Join your peers for complimentary hors d’oeuvres, beverages, and conversation following Day 1 of SecureWorld. This is a great opportunity to network with other security professionals from the Boston area, and to discuss how we can create diversity and inclusion in the cybersecurity and tech industries.
Learn more about Brainbabe and how the STEAM-Conference connection is working to desexualize conferences and trade shows while bridging the cybersecurity talent gap by providing jobs for all genders to STEAM students. Deidre Diamond will discuss how you can get involved and help.
The cybersecurity profession is comprised of only 11% women, less than 6% of top CEOs are women, and 53% of women leave the cybersecurity industry in under 10 years. Together we can change these statistics.
Register for this event – Space is limited
- Thursday, March 15, 20177:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 3:00 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 amSecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital TransformationSecureWorld PLUS Registrants ONLYDirector, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members AllianceRegistration Level:- SecureWorld Plus
8:00 am - 9:30 amLocation / Room: 107This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. IoT, Providers, Tools, and processes to help avoid a rainy day.
8:00 amSecureWorld PLUS Part 3 - Security’s New Know: Strategic Skills for the Digital AgeSecureWorld PLUS Registrants ONLYFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast CompanyCEO, Cedalion PartnersRegistration Level:- SecureWorld Plus
8:00 am - 9:30 amLocation / Room: 108Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.
8:00 am[SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity FrameworkSecureWorld PLUS Registrants ONLYSr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
8:00 am - 9:30 amLocation / Room: 105The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:30 amIncrease Your EQ, Grow Your Career, and Enjoy It!Founder and CEO, CyberSN and Secure DiversityRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: 104Our Intelligence Quotient (IQ) levels are pre-determined at birth, however, our Emotional Quotient (EQ) is capable of evolving over the course of our entire lives. Studies have shown that it is EQ, more than IQ, that determines success. We will study and discuss the components of EQ and explore some of the ways that we can emphasize and encourage the growth of EQ skills to improve the hiring and retention of cybersecurity professionals. Much like our technical hard skills our soft skills can be learned and must be fostered constantly.
8:30 amHow Many Documents Do I Need?!?!?!Director, Audit and Compliance, CipherTechs, Inc.Registration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: 110All regulations and standards require policies, but never tell you what is needed for the enterprise. They do not specify the type of documents needed to meet requirements. Building a document architecture that reaches into the future that will bend and support the business into the future is relatively easy.
8:30 amInfraGard Chapter Meeting - Open to all AttendeesPresentation: Implementing a ‘Zero Trust’ Approach for Securing Your Enterprise EnvironmentsVP & CISO, BJ's Wholesale ClubRegistration Level:- Open Sessions
8:30 am - 9:15 amLocation / Room: Keynote TheaterDiscover your local associations – join InfraGard for their chapter meeting and presentation.
Zero Trust is an architectural model that guides security teams on how to apply Zero Trust tenants to address the modern threat landscape. The model advocates a holistic approach to information security and puts special focus on processes and technologies that secure your data, wherever it resides. The objective is to strengthen data security and obfuscation – to limit risk derived from excessive user privileges and access. Benefits also include improved security detection and response with analytics and automation. Understanding key concepts at a high level is one thing. Properly implementing the model can be much more challenging. This presentation will therefore examine each of the requirements for adopting a Zero Trust model across the entire security stack. Key considerations as you plan your Zero Trust programs will be covered in detail along with the benefits of a platform versus fragmented approach to establishing a mature Zero Trust architecture.
8:30 amMeasuring Defense With OffenseUnderstand how to make ATT&CK actionableCybersecurity Engineer, MITRERegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: 102Measuring Defense with Offense will outline how to effectively assess an organization or security product via a common framework – specifically the ATT&CK knowledge base and adversary emulation.
8:30 amVetting Your VendorsUnderstanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts and Service AgreementsFounding Partner & Owner, Fischer Law, LLCRegistration Level:8:30 am - 9:15 amOne of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.
9:00 amExhibitor Hall openRegistration Level:- Open Sessions
9:00 am - 3:00 pmLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 amOPENING KEYNOTE: The Evolving Role of CISOs and Their Importance to the BusinessChairman and Founder, Ponemon InstituteRegistration Level:- Open Sessions
9:30 am - 10:15 amLocation / Room: Keynote TheaterWhat is a CISO and what do they do? As the leader of cyber defense for an organization, the CISO is rapidly becoming indispensable for an organization’s survival. This presentation is based on interviews with senior level IT professionals at 184 companies in seven countries. The goal of the research is to better understand how CISOs work, what their concerns are, and how they are improving their effectiveness in managing risks to the enterprise.
10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
10:15 am - 11:15 amLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 amAdvisory Council Roundtable - (VIP / Invite Only)Registration Level:- VIP / Exclusive
11:00 am - 12:00 pmLocation / Room: 109This session is for our Advisory Council / VIP only.
11:15 amThe Gosh Darn Privacy Regulation (GDPR)CISO & VP, Information Security & Risk Management, Bright HorizonsRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 103What you don’t know can hurt you. If you process any personal information from the European Union, then you need to worry about the Gosh Darn Privacy Regulation (GDPR). If you think you do not? How sure are you about that?
11:15 amTrials and Tribulations of Identity Access ManagementLock it down! Making sure access is granted only to those who need it without losing your mind.Registration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 102Logical security is a key aspect of securing our environments, however it’s also known as the low hanging fruit of issues companies are facing in 2018. This discussion will focus on outlining the various components of a well secured IAM program and where to start and baby steps to lock down your enterprise. We’ll also discuss various industry tools to help automate these processes.
11:15 amWombat: State of the Phish™ 2018: – What Your Peers Are Doing to Reduce Successful Phishing AttacksChief Architect, Wombat Security, a division of ProofpointRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 110Join Wombat Security Technologies’ Vice President of Marketing, Amy Baker, as she discusses key findings from the 2018 State of the Phish™ Report. In this session you will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats. This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period, responses from quarterly survey’s, and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.
11:15 amIt’s Not You, Job Searching is Broken!Job seeking and hiring processes are broken, let’s solve this problem; it’s a matter of national security.Founder and CEO, CyberSN and Secure DiversityRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 104Cybersecurity professionals know that most recruiters do not speak cybersecurity and it causes passive cyber job seekers to pass over job postings, exacerbating the problem! Job postings do not accurately reflect responsibilities or jobs functions. Our community continues to posts the same five descriptions when there are at least 35 different job categories.
In this workshop Deidre Diamond (CyberSN Founder and CEO) will share tactics and advice for hiring and job searching in cybersecurity. Job seekers will be empowered to self-market, evaluate recruiters, ace interviews, and successfully negotiate salary and hiring managers will receive expert cybersecurity hiring advice.
11:15 amIOvations/Check Point: Cloudy with a Chance of BreachStrategic Engineering Manager, Check Point Software Technologies, Inc.Registration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 111Lessons learned and takeaways from our 250 most recent incident response cases related to migration to the cloud.
12:00 pmAdvisory Council Roundtable Lunch (VIP / Invite Only)Registration Level:- VIP / Exclusive
12:00 pm - 1:00 pmLocation / Room: 109Moderated discussion for SecureWorld Advisory Council members. By invite only.
12:15 pm[LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2020Security Evangelist, North America, RadwareRegistration Level:- Open Sessions
12:15 pm - 1:00 pmLocation / Room: Keynote TheaterA presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2020:
- What is the attack surface of the public cloud?
- Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
- How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
- What is Next Gen WAF and when should I consider it?
- What are automated threats and how to protect against the 4th generation bots?
- Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
- What will be the impact of 5G on application security and availability?
Presentation outline
A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.The Top 10 security facts for 2019/2020:
- The Attack Surface of the Public Cloud is defined by Permissions
- The Insider thread of the Public Cloud is the Outsider
- HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
- WAF does not keep up with Cloud Native Applications
- East-West Traffic is getting Encrypted
- Attackers are getting Automated
- Attacks are getting more Sophisticated
- APIs are the new Front-end
- Machine and Deep Learning become essential for Threat Detection
- 5G will fuel the next IoT Explosion
Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in following categories:
1. Cloud infrastructure abuse
2. Data breaches through publicly exposed S3 buckets
3. Ransom of poorly secured cloud data services
4. Cloud Infrastructure owning and wiping
5. Cloudification of DDoS attacks
6. Automated threatsA quick run through of the top 10 security facts.
The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:
- Migrating to the cloud
- Cloud Native Applications
- Automated Threats
- 5G/IoT Intersection
Each chapter is summarized with the top security facts that were demonstrated throughout the discussion
1:15 pmPanel: Access Control – The End of the Password?Registration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote Theater“Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with some many ways at getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
1:15 pmPanel: The Battle for the Endpoint Continues (Endpoint Security)Registration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: 103What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V, maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
1:15 pmArbor Networks: Your DDoS OpportunitySr. Partner, Consulting Engineer, Arbor NetworksRegistration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: 104The nature of cybersecurity risk is constantly an unknown, or an approximation at best. With the possibility of DDoS as a smoke screen for a more damaging attack, businesses can no longer consider DDoS attacks as isolated or harmless events. DDoS attacks that coincide with network intrusion attempts, false logs, planted malware, and other indicators of compromise are not coincidental or accidental. Instead, businesses must consider a DDoS attack to be a sign of true danger.
1:15 pmTrend Micro: Preparing Your Business for GDPR ComplianceVP, Infrastructure Strategies, Trend MicroRegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: 102The EU General Data Protection Regulation will soon be in effect for all businesses with access to the personal data of EU citizens. Join William Malik as he explores the concept of privacy and how its evolution has been spurred by technological disruptions throughout modern history. Examine key highlights in the journey of GDPR preparation – including assessing organizational risks, tackling high-volume data sources, designing a remediation strategy and leveraging your successes to build your brand and reputation. Special attention must be paid to the implications of GDPR on blockchain deployments, as well.
2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
2:15 pm - 3:00 pmLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pmDash for Prizes & CyberHuntRegistration Level:- Open Sessions
2:30 pm - 2:45 pmLocation / Room: Exhibitor FloorBe sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win
3:00 pmParenting in the Digital Age: What’s New, What’s Now, What’s Next?CEO, KL Greer Consulting, Featured on: CNN, The O'Reilly Factor, Inside Edition, The Huffington Post, TIME Magazine, USA Today and moreRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 103Studies show that kids ages 8-18 are spending an average of 7.5 hours a day in front of some screen. Today, working with and keeping our youth safe means being constantly aware of what they’re doing online. Discover and learn about the latest trends in social media and digital safety, along with how to facilitate a healthy relationship with technology.
3:00 pmMedical Device CybersecurityPractical information on the evolving medical device cybersecurity ecosystemSr. Principal Cybersecurity Engineer, MITRESr. Principal Scientist, MITRERegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 102The recent escalation of cyber-attacks and the potential for combined cyber and physical attacks means the healthcare industry must better secure itself. We’ll describe “whole of community” approaches to medical device vulnerability management and proactively developing regional plans that integrate cyber into overall emergency preparedness and response.
3:00 pmTerrorism – What the Average Citizen Should KnowCIO & CISO, BTE PartnersRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 104This presentation will look at understanding terrorist networks and why these individuals are so hard to find.
3:00 pmWe Only Have One JobA lighter presentation of the serious issues we encounter every day.CISO, Cyber Guide LLCRegistration Level:- Open Sessions
3:00 pm - 3:45 pmLocation / Room: 110Everything is so serious about Information/Cyber Security but there are times we just need to Laugh.
A lighter presentation of the serious issues we encounter everyday.
- A10 NetworksBooth: 144
A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure.
- AccessIT Group + Check PointBooth: 333
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- ARMA BostonBooth: 378
ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.
ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.
- ACP – Greater BostonBooth: 376
ACP is a professional organization that provides a forum for the exchange of information and experiences for business continuity leaders. We serve the greater Boston area, including Rhode Island and southern New Hampshire. Meetings are held on the second Wednesday of every month (except July & August). We invite you to attend our next meeting.
- Alert LogicBooth: 450
Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.
- AnomaliBooth: 116
Anomali delivers earlier detection and identification of adversaries in your organizations network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.
- Arctic Wolf NetworksBooth: 396
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- HPE Aruba NetworkingBooth: 322
At Aruba, a Hewlett Packard Enterprise company, we believe the most dynamic customer experiences happen at the Edge—an office, a hospital, a school, or at home. It’s anyplace work gets done and data is generated by users, devices, and things across your network. Our mission is to help customers capitalize on these opportunities by providing secure edge-to-cloud networking solutions. We use AI-based machine learning to deliver simpler, faster, and more automated networks that analyze data to help businesses thrive.
- ASISBooth:
ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org
- baramundi software USA, Inc.Booth: 330
baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.
The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.
Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.
- BarklyBooth: 354
Barkly is advancing endpoint security with the strongest, smartest protection delivered with simplicity. The Barkly Endpoint Protection Platform provides multi-vector attack blocking for exploits, scripts, executables, ransomware, and more, and has visibility into all levels of the system, including the CPU. Barkly is formed by an elite team of security and SaaS experts from IBM, Cisco, and Intel, backed by investors NEA and Sigma Prime, and independently certified for anti-virus replacement, HIPAA, PCI DSS & NIST. Learn more by visiting us at www.barkly.com, or follow us on Twitter @BarklyProtects.
- Bay Pay ForumBooth: TBD
The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.
- Big Switch NetworksBooth: 360
Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM , container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.
- Binary DefenseBooth: 316
Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.
- BitSightBooth: 119
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.
- BOMGARBooth: 510
Bomgar offers the most secure remote access and support technology on the planet. Each encrypted connection is outbound, so you can connect without VPN or firewall changes. You can leverage Active Directory and LDAPS to manage authentication, require multi-factor authentication, define more than 50 permissions for technicians and privileged users, and capture a detailed audit log of every remote connection.
- Secure DiversityBooth: 432
Seecure Diversity is an innovative non-profit organization with leaders that think out of the box who have created strategies & solutions in placing qualified women and underrepresented humans into cybersecurity roles. We foster gender diversity, equity, and inclusion in the cybersecurity industry through conferences, networking, mentoring, professional development, and community outreach. One of our primary goals is to raise awareness and increase the number of women and underrepresented humans in the cybersecurity workforce. Founded in 2015 by Deidre Diamond; our mission is the equal representation of women and men in the cybersecurity workforce by engaging and collaborating with organizations and businesses to improve the recruitment and retention of women; utilize marketing and social media platforms to raise awareness of women in cybersecurity careers; remove cybersecurity institutional barriers and innovate new strategies to leverage existing resources.
- BrinqaBooth: 420
Brinqa is a leading provider of unified risk management – enabling stakeholders, governance organizations, and infrastructure and security teams to effectively manage technology risk at the speed of business. Brinqa software and cloud services leverage an organization’s existing investment in systems, security, and governance programs to identify, measure, manage and monitor risk. With Brinqa, organizations are reducing response time to emerging threats, impact to business, and technology risk and compliance costs by over 50% through real-time risk analytics, automated risk assessments, prioritized remediation, actionable insights and improved communication.
- Bugcrowd Inc.Booth: 452
By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.
- CA TechnologiesBooth: 160
CA Technologies helps customers succeed in a future where every business— from apparel to energy— is being rewritten by software. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live— from the data center to the mobile device.
Our business management software and solutions help our customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure. Our goal is to help organizations develop applications and experiences that excite and engage and, in turn, open up money-making opportunities for their businesses.
- Carbon BlackBooth: 320
Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.
- Cayden SecurityBooth: 603
Cayden Security is a cybersecurity, IT risk management and compliance solutions provider with over 13 years of experience and partnerships. We provide cybersecurity products and consulting, as well as turnkey managed security services for third-party risk. We focus on your cybersecurity, IT risk management and compliance needs, so you can focus on your business.
- CentrifyBooth: 380
Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent. - Cloud Security Alliance (CSA)Booth:
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- CIOReviewBooth: TBD
CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.
- CrowdStrikeBooth: 114
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- CSPiBooth: 334
At CSPi we are committed to helping our customers meet some of computing’s most demanding performance, availability and security challenges.
Today’s security teams receive a great deal of real-time information and intrusion alerts, generated from their security equipment and tools; yet, the volumes of data make it make it nearly impossible for incident response teams to validate a data breach. With our Myricom nVoy Series solution we offer our customers a new approach to cyber threat identification and investigation – a rapid breach response solution that identifies alerts associated with a specific asset and provides an extraction of the entire set of conversations associated with that breach.This detailed data is crucial in performing timely and accurate analysis needed to comply with data-privacy regulations such as GDPR, PCI DSS, HIPPA, SOX, and 48 different U.S. state laws related to PII.
- CyberArk SoftwareBooth: 324
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- CybereasonBooth: 166
Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.
- CyberSaintBooth: 119
CyberSaint Security helps organizations streamline cybersecurity risk and compliance through its automated, intelligent integrated risk management platform. Based in Boston, Massachusetts, our team’s intellectual DNA winds deeply through leading academic, tech and investment communities, the White House, RSA, IBM, EMC, KPMG, MIT, Harvard, and more. With CyberStrong, CISOs’ cybersecurity programs are as actionable and measurable as any other business function, and security and business leaders align to build cybersecurity resilience and boost productivity. Our mission is to empower organizations to manage cybersecurity as a business function through the adoption of powerful technology that enables measurement, enhances communication and improves resiliency.
- CylanceBooth: 146
Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.
- DarktraceBooth: 312
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- Delta RiskBooth: 130
Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.
- DemistoBooth: 337
Demisto is the only Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation into a seamless experience. By using Demisto, security teams can build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.
- Digital GuardianBooth: 381
Digital Guardian provides the industry’s only threat aware data protection platform that is purpose built to stop data theft from insiders and outside adversaries. The Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, to make it easier to see and block all threats to sensitive information.
- Digital ShadowsBooth: 152
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.
- DuoBooth: 150
Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.
- EC-CouncilBooth: TBD
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- EndgameBooth: 372
Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.
To solve these challenges, we can’t apply the same people, processes and technology and expect different results.
We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.
That’s what we’re doing everyday at Endgame.
- enSiloBooth: 374
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- Envision Technology AdvisorsBooth: 384
Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.
- ExabeamBooth: 124
Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.
- Extreme NetworksBooth: 418
Extreme Networks delivers software-driven networking solutions that help IT departments everywhere deliver the ultimate business outcome: stronger connections with customers, partners and employees. Wired to wireless, desktop to data center, on premise or through the cloud, we go to extreme measures for our customers, delivering 100% insourced call-in technical support.
- Fidelis CybersecurityBooth: 339
Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.
By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.
- FireEyeBooth: 106
FireEye (https://www.fireeye.com/) is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,100 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.
- ForcepointBooth: 118
Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.
- ForeScout Technologies, Inc.Booth: 162
ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.
- FortinetBooth: 104
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- Garland TechnologyBooth: 119
Garland Technology provides the foundation to network visibility with a range of network TAPs and packet brokers. Our products deliver effective physical layer access for in-line and out-of-band monitoring solutions providing you access and visibility to see every bit, byte, and packetⓇ.Let us design your visibility plane, connecting your network and security tools.
- GemaltoBooth: 148
Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.
- Gemini DataBooth: 108
Gemini provides Continuous Data Analysis. We translate data into knowledge using machine reasoning. With Gemini Enterprise, gain enterprise knowledge and awareness, focus on AI-powered analysis, and simplify management of big data platforms. Designed for modern architectures, Gemini Enterprise reduces complexity in the cloud or on premises. Gemini Data was founded and built by experts from Splunk, ArcSight, and RSA that understand the importance of building awareness across the enterprise. Find more information at geminidata.com or follow us on Twitter @geminidataco.
- GigamonBooth: 394
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- GreatHornBooth: 356
GreatHorn is the leading next generation email security platform that protects organizations using Office 365 and G Suite from advanced threats, including targeted phishing attacks, business email compromise, malware and ransomware. Cloud native and built on machine learning and automation, GreatHorn delivers the industry’s most effective email security solution.
- Global Cyber AllianceBooth:
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- GuidePoint Security LLCBooth: 118
GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com
- HTCIABooth: 602
Investigators on the Leading Edge of Technology
The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.
- HUB TechBooth: 126
HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.
Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.
- IBM ResilientBooth: 182
In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI, cloud, orchestration and collaboration to help clients improve compliance, stop threats and grow their businesses securely. Our strategy reflects our belief that today’s defenses will not suffice tomorrow. It challenges us to approach our work, support our clients and lead the industry, allowing you to be fearless in the face of cyber uncertainty.
- Institute of Internal Auditors (IIA)Booth:
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.
- InfraGard BostonBooth:
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
- Integration PartnersBooth: 406
We know and understand you have options when choosing the right partner. Networking technology alone isn’t a differentiator, it’s how we do business with you. We’ve curated the best solutions not just to support IT needs, but to support your business strategy. Our culture is one that influences the customer experience. We never stop improving, and so we will never let you fall behind. From this simple and often overlooked practice, we believe the greatest customer relationships come from our mutual and shared strategies. Now just think… WHAT’S POSSIBLE.
- IntraSystemsBooth: 408
IntraSystems is a highly respected IT consulting company, managed services provider, and systems integrator that specializes in the deployment and delivery of IT infrastructure, virtualization services, security, and cloud solutions. IntraSystems has the proven expertise in solving the many technology challenges that companies face today, such as keeping up with the evolving security landscape, migrating to the cloud, and compliance requirements.
- IntSightsBooth: 110
IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.
- iovationBooth: 310
iovation protects online businesses and their end users against fraud and abuse, and identifies trustworthy customers through a combination of advanced device identification, shared device reputation, device-based authentication and real-time risk evaluation. More than 3,500 fraud managers representing global retail, financial services, insurance, social network, gaming and other companies leverage iovation’s database of billions of Internet devices and the relationships between them to determine the level of risk associated with online transactions. The company’s device reputation database is the world’s largest, used to protect 15 million transactions and stop an average of 300,000 fraudulent activities every day. The world’s foremost fraud experts share intelligence, cybercrime tips and online fraud prevention techniques in iovation’s Fraud Force Community, an exclusive virtual crime-fighting network.
- IOvationsBooth: 376
IOvations, founded in 2006, is a value added reseller focused on protecting the data, infrastructure and applications of our customers through a combination of services and products that extend to the end point, traditional network and cloud environment. Some of the things that make us unique include multiple industry awards, a long history of working with clients who appreciate how easy we are to work with, and our strong engineering expertise providing value and thought leadership.
- iRobotBooth: 602
iRobot, the leading global consumer robot company, designs and builds robots that empower people to do more both inside and outside of the home. iRobot’s products, including the award-winning Roomba® Vacuuming Robot and the Braava® family of mopping robots, have been welcomed into millions of homes around the world and are hard at work every day helping people to get more done.
- ISACABooth: 392
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
- ISC2Booth: 390
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- ISSA New EnglandBooth: 374
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.
Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.
Visit the National Headquarter’s website at www.issa.org.
- Ixia, a Keysight BusinessBooth: 404
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- JaskBooth: 186
JASK was founded in 2016 and is headed by industry leaders with decades of experience solving real-world SOC issues.
With a mission to address the security gaps that restrict security modernization efforts, JASK’s world-class engineering and data science teams apply decades of hands-on experience to drive advancements in autonomous SOC technology.
Backed by Battery Ventures, Dell Technology Ventures, TenEleven and Vertical Venture Partners, JASK is modernizing SOC operations for companies across the financial services, telecommunications, healthcare and government industries.
- Jazz NetworksBooth: 412
Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.
- JuniperBooth: 128
Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.
Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.
While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.
- KasperskyBooth: 421
We’re an independent global cybersecurity company that empowers people to make the most of technology and the endless opportunities it brings. Backed by our deep threat intelligence, security and training expertise, we give businesses the power to stay safe—and the confidence to accelerate their own success. With insights gained from our unique international reach, we secure consumers, governments and more than 270,000 organizations. We’re proud to be the world’s most tested and awarded cybersecurity, and we look forward to keeping your business safe. Bring on the future.
- LastlineBooth: 189
Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.
- LastPassBooth: 132
LastPass is an award-winning password manager helping millions organize and protect their online lives, at home and at work. For businesses of all sizes, LastPass provides secure password storage and centralized admin oversight to reduce the risk of data breaches and remove password obstacles for employees. With customizable policies, secure password sharing, and comprehensive user management, LastPass gives IT the tools to strengthen password hygiene across the organization. Founded in 2008, LastPass is a product of LogMeIn (NASDAQ:LOGM).
- Military Cyber Professionals Association (MCPA)Booth: 371
The Military Cyber Professionals Association is dedicated to developing the American military cyber profession and investing in our nation’s future through STEM education. We are working towards an American military cyber profession that is accomplishing what our nation needs, expects, and deserves. Our goal is to secure cyberspace for military, economic, and private individual pursuits.
- Menlo SecurityBooth: 142
The Menlo Security approach delivers 100% safety via isolation — stopping the never-ending search for risky content, while delivering a seamless end-user experience. Deployed in a public or private cloud, the Menlo Security Isolation Platform reduces security complexity and increases scale by eliminating end-point software and out-dated appliances.
- MimecastBooth: 342
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- <Booth: TBD
- NetaniumBooth: 119
Netanium is a trusted, Information Security consultant and solution provider, focused on helping organizations to overcome resource constraints & streamline their evolving security programs.
Netanium works with organizations to streamline the technologies and processes that best fits its current infrastructure, resources, and security strategy. Netanium has over 15 years of experience focused on data management and managing cybersecurity risk. - NETSCOUT ArborBooth: 368
For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.
- NetskopeBooth: 122
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- NexumBooth: 508
Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio, and Wisconsin, as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.
- OptivBooth: 411
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- PKWAREBooth: 603
PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.
PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.
- ProofpointBooth: 350
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Qualys, Inc.Booth: 340
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.
- RadwareBooth: 328
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- Rapid7Booth: 332
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- Red RiverBooth: 314
Red River’s Security Practice has nearly 20 years of experience helping federal and enterprise customers strengthen their security stance with strategically-integrated data- and network-centric physical and cyber security solutions designed to protect critical assets, enable situational awareness and simplify security management. We not only hold the coveted Cisco Master Security Specialization, but our highly-certified experts use a balanced approach that blends leading-edge technology, systems, policies and proven processes to deliver secure, effective solutions that offer complete protection and long-term value to our customers.
- Recorded FutureBooth: 186
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- Resolve SystemsBooth: 507
Resolve Systems was founded by individuals with extensive experience in working with IT Operations, Security Operations, Network Operations and Customer Care. We are convinced that these teams need a more holistic and systematic approach for applying automation in a broad way to all incident resolution procedures.
What makes us different is our ability to enable the automation of select steps in any engineer-driven resolution procedure, as well as embed specific content into any procedure on a step-by-step basis. The Resolve Software also includes real-time incident resolution collaboration, the ability to capture a record of every resolution, and a complete workflow for continuous procedure improvement.
- RookBooth: 452
Rook Security provides 24/7 Managed Detection and Response to prevent incidents from impacting business operations. We unite the brightest minds in digital defense with the most advanced, rapid-to-deploy technology to protect your organization. As a managed service, there is no need to worry about configuring, monitoring, or managing technology – our team does the hard part for you.
- RSA a Dell Technologies CompanyBooth: 156
RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.
- SailPointBooth: 102
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- SecurityScorecardBooth: 158
SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.
- SecuronixBooth: 502
Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.
- SentinelOneBooth: 338
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- SIM BostonBooth: 386
At the Boston Chapter of SIM, we provide leading information technology executives, consultants, and academics with a place to share ideas. Our collaborative community shares best practices, trends and lessons learned for you: the person that is responsible for shaping and influencing the future of IT and IT management.
Our goal is to provide you with access to a robust community of the area’s top IT leaders so you can exchange ideas, share best practices, and stimulate your mind. As a senior-level IT profession providing both strategic and tactical direction to your division on a daily basis, you need someplace to turn for advice, answers, and guidance, too.
- Skybox SecurityBooth: 140
Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.
- SplunkBooth: 112
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- SSH Communications SecurityBooth: 410
As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com
- Sumo LogicBooth: 352
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.
- SymantecBooth: 154
Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.
- TBG SecurityBooth: 422
TBG Security is your trusted advisor when it comes to cybersecurity. We have been providing risk management solutions since 2003 to ensure your business is minimizing uncertainty in an increasingly hostile information environment. Whatever the IT security goal, TBG Security’s Information Security Advisors work with you to determine your requirements and tailor a straightforward plan of action to improve your organizations overall security posture. Our continuous commitment to new technologies and decades of threat avoidance experience make us the first choice of Fortunre 1000 companies for cybersecurity consulting services.
- TechTargetBooth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TenableBooth: 358
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- ThalesBooth: 164
As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.
- ThreatConnectBooth: 501
Designed by analysts but built for the team, ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. To learn more about our TIP and SOAR solutions, visit www.ThreatConnect.com.
- Trend MicroBooth: 382
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- TrustedSecBooth: 316
TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.
- TufinBooth: 360
As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.
- University of MassachusettsBooth: 120
The University of Massachusetts System Office (UMSO), which includes the Office of the President and Central Administrative Services, provides overall leadership to the University, coordinates with the campuses on various academic and financial initiatives, and provides shared services in the areas of information technology, treasury, and procurement, among others.
The System Office represents the University in various ways (including but not limited to) with the Governor, Legislature, executive branch agencies, the federal government and professional organizations. It also coordinates academic affairs across the campuses and management and fiscal affairs including efficiency and effectiveness efforts, budgeting and forecasting, capital planning, information systems, legal matters, and human resources management. Overall planning, policy development and initiation of University-wide programs are carried out through the System Office by several departments that report to the President and his Vice Presidents and that are located in both Boston and Shrewsbury.
- VaronisBooth: 128
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- WatchGuardBooth: 402
WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.
- WhiteSourceBooth: 344
WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast, and many more. For more information, please visit www.WhiteSourceSoftware.com.
- Wombat Security TechnologiesBooth: 378
Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, over 80%.
- ZensarBooth: 405
Zensar is a leading digital solutions and technology services company that specializes in partnering with global organizations across industries on their Digital Transformation journey. Zensar empowers customers to develop strategies to adhere to comprehensive security frameworks while implementing security solutions to meet industry practices and compliance requirements.
- Gene KingsleyDirector, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.
- Thornton MayFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.
As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.
No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.
Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.
The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."
- Brian ShieldCIO, Boston Red Sox
Brian is responsible for the strategic direction of technology and day-to-day IT operations in support of the Boston Red Sox, their fans, and Fenway Sports Management.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- David DumasSr. Principal, Security Risk Management, Verizon
David Dumas, CISSP, CISM, ISSA Distinguished Fellow, is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.
- Joan AntokolPartner, Park Legal LLC
Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.
- Tom StumpekCISO, Lahey Health
Tom Stumpek currently serves as the CISO at Lahey Health. Prior to Lahey Tom spent over 20 years with the General Electric Company in various IT C-level positions (CISO, CTO, CIO) in the financial services, insurance, manufacturing and corporate sectors. Recently Tom has presented at several executive IT events on technology strategy, enterprise risk, innovation and leading a culture of change.
- Thornton MayFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.
As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.
No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.
Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.
The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."
- Chris DeMale, CFAStrategic Account Executive, ISACA
Chris DeMale, CFA is a Strategic Account Executive for ISACA, where he serves enterprises across the globe on ISACA’s full suite of assessment, training, and cybersecurity products, and as a dedicated technical resource with expertise in the financial services sector. Before joining ISACA, Mr. DeMale served as Senior Vice President at Bluerock Capital Markets, and as a top-performing Regional Director at Morningstar, Inc., consulting on practice management, software, and investment decision-making. He has been recognized for helping hundreds of clients expand and enhance their firms. Mr. DeMale is a CFA Charterholder and a member of the CFA Society of Chicago. He holds degrees in Economics and English from Vanderbilt University and an MBA with Distinction from DePaul University. When not traveling or collaborating on ISACA business, he enjoys a variety of activities with his wife and four daughters, including gardening, biking, and chasing around a baby.
- Scott MargolisCISO, Massachusetts Bay Transportation Authority (MBTA)
Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
- Jonathan LangeExecutive Manager, baramundi software USA, Inc.
Jonathan Lange is sales manager for baramundi software USA, Inc. in the US market. Having advised customers in various countries from small businesses to global enterprises, he is well aware of the challenges IT departments face today in order to keep their infrastructure up-to-date, safe and efficient.
- Matthew GardinerPrincipal Security Strategist, Mimecast
Matthew Gardiner is a Director of Security at Mimecast and is currently focused on email & web security, phishing, awareness training, malware, and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.
- Ron WinwardSecurity Evangelist, North America, Radware
As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation. - Stephen JonesVice President Managed Services, GuidePoint Security
Stephen is the Vice President of Managed Services at GuidePoint Security and began his career in Information Security, Information Technology Management, Vulnerability Management, and Security Operations Center (SOC) operations. Before joining GuidePoint Security, Stephen worked for ManTech International at a large federal agency managing SOC operations. Stephen’s experience includes the teardown and rebuild of an Intelligence Community SOC to include staffing, process development, documentation, operations management, and inter-organizational coordination. He has managed Enterprise Vulnerability Management to include scanning, vulnerability prioritization, and reporting for an enterprise of over 100,000 assets. Stephen has a B.S. in Information Security from George Mason University.
- James LamDirector, E*Trade Financial
James Lam is the president of James Lam & Associates and a director of E*TRADE Financial, where he chairs the risk oversight committee. He previously served as president of ERisk, partner of Oliver Wyman, chief risk officer of Fidelity Investments, and chief risk officer of GE Capital Markets Services. Lam was named to the NACD Directorship 100, Directors & Boards “Directors to Watch,” Treasury & Risk “100 Most Influential People in Finance,” and GARP “Risk Manager of the Year.” He is a best-selling author of three Wiley books. Lam is certified by the Software Engineering Institute of Carnegie Mellon in Cybersecurity Oversight.
- Carlos MoralesVice President, ASERT and Global Pre-Sales, Arbor Networks
Carlos is responsible for Arbor’s Security Engineering & Response Team as well as the global pre-sales organization. ASERT is one of the industry’s most respected research organizations, responsible forproviding tactical and strategic threat intelligence to Arbor’s customer base and for curating ATLAS, Arbor’s global threat intelligence infrastructure. ASERT uses this unique network insight to analyze botnets, malware and DDoS threats on a global basis, developing protections that are fed directly into Arbor’s products through the ATLAS Intelligence Feed. Additionally, he will retain responsibility for field operations and implementation of our security and network visibility solutions. He brings more than two decades of experience in deploying security, networking and access solutions for service provider and enterprise networks. Before joining us in 2004, Carlos held management positions at Nortel Networks and Tiburon Networks, where he served as director of sales engineering. He also held salesengineering roles at Shiva Corporation, Crescent Networks and Hayes Microcomputer.
- Katie StebbinsVice President for Economic Development, University of Massachusetts President's Office
Katie Stebbins is the Vice President for Economic Development at the University of Massachusetts. She serves as a liaison to the business community, establishing and growing research and workforce development partnerships to benefit the university and the Commonwealth of Massachusetts. Representing UMass, the state’s second-largest employer and an institution responsible for $6.2 billion in annual economic impact, Katie is focused on business collaboration and increasing the state’s competitiveness in key sectors, including cyber security. Katie was previously Assistant Secretary for Technology, Innovation and Entrepreneurship for Massachusetts, where she led state investment efforts in robotics, advanced manufacturing and cyber security.
- Nicholas DavisTechnical Product Manager, Rapid7
Nick Davis began his career at Rapid7 in 2013 as a Software Engineer building InsightIDR. In this role, he was focused on building key detections and establishing scalability across the platform to keep up with a growing user base. Now, as the Technical Product Manager for InsightIDR, Nick works closely with engineering, SOC Analysts, and customers. He has a B.S. in Computer Engineering from Tufts University, where he led the Tufts IEEE chapter and contributed to Metasploit. He has published papers on facial recognition systems and hazardous environment detection using UAV systems. When he's not at work, you can find him reading up on large scale distributed systems, taking pictures, or skiing.
- Moderator: Mark AielloBoard Member, (ISC)2 Eastern Massachusetts; President, CyberSN
Having more than 30 years of IT and cybersecurity consulting/staffing experience, Mark joined Signature Consultants, one of the largest IT Staffing Firms in the U.S., to lead, build and cultivate the cybersecurity talent and workforce throughout the organization’s 26 locations, serving 100s of clients throughout North America. Former President of Cyber 360, a leader in cybersecurity staffing, he harnesses his expertise in the cybersecurity/information security labor market to deploy and support a vast network of cybersecurity professionals. His passion and purpose are keeping companies safe by providing cybersecurity consultants and employees.
- Vani MurthyRisk Consultant, Cloud Security Alliance working groups contributor
Vani Murthy (CISSP, CRISC, PMP and ITIL) is a Risk Consultant with over 17 years of experience in IT. Vani holds a MS and an MBA. She also contributes to the Cloud Security Alliance working groups.
- Esmond KaneCISO, Steward Health Care
Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.
- Amirali SanatiniaPhD Candidate / Research Assistant, Northeastern University
Amirali Sanatinia is a Computer Science PhD candidate at Northeastern and holds a Bachelors degree in Computer Science from St. Andrews University. His research focuses on security and privacy, and has been covered by publications such as MIT Technology Review, Ars Technica, and Threatpost. He is a recipient of RSAC Security Scholar and the CCIS Outstanding Research Award. He has presented at different security conferences such as DEF CON, Crypto Village, Virus Bulletin, BSides Boston, and PyCon.
- Scott MargolisCISO, Massachusetts Bay Transportation Authority (MBTA)
Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
- Gene KingsleyDirector, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.
- Thornton MayFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.
As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.
No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.
Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.
The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."
- Joanne KossuthCIO, Mitchell College
Currently Joanne acts as the Chief Information Officer for Mitchell College with responsibility for academic, administrative, and enterprise computing and library information services. Joanne also serves as principal in her consulting services company, 1MountainRoad, which specializes in strategic business process re-engineering; aspirant and leadership development; human capital management and team building; and collaboration and services implementations. 1MountainRoad has specific experience in higher education in executing change management.
As Olin College's Vice President for Operations and CIO, Ms. Kossuth had primary responsibility for the operational and technology areas of the college. These included: conference services, dining services, EH&S, facilities, human resources, information technology, planning and project management, public safety. In addition to her operations duties, she was responsible for building relationships with neighboring institutions, including Babson, Brandeis, and Wellesley Colleges.
Ms. Kossuth founded and convened the External Technology Advisory Board and the Olin Innovation Lab. Her IT leadership led to her being named one of Computerworld's Premiere 100 CIOs in 2005. She received the EDUCAUSE Community Leadership Award, 2014. Joanne's previous experience includes positions at Fisher College, Wheelock College and the Boston University School of Management. Her publications include: "Attracting Women to Technical Professions," and "Building Relationships Means Better IT Contracts," “The Converged Workplace” and Chapter 32 or “Olin College: Academic and Olin Centers” in the EDUCAUSE E-Book “Learning Spaces.” Ms. Kossuth continues to provide service and leadership to EDUCAUSE and CLIR as the Dean of the Leading Change Institute and to NERCOMP as the co-founder and facilitator of the EDUCAUSE NERCOMP IT Manager Workshop Series. She was selected as a member of Juniper Network's Higher Education Advisory Board, and Plantronics Unified Communications Advisory Board.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Happy Hour
- Deidre DiamondFounder and CEO, CyberSN and Secure Diversity
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.
- Gene KingsleyDirector, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.
- Thornton MayFuturist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.
As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.
No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.
Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.
The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."
- Ben LevitanCEO, Cedalion Partners
Ben Levitan serves as CEO of Cedalion Partners, a Management Advisory firm to Investors, Boards, and CEOs. Ben serves as Board Director of OGSystems, a GEOINT solutions company, and Bricata, a cybersecurity company. Ben has more than 25 years of leadership experience, having served as CEO or COO of five companies—in venture, growth equity, and public stages. Ben served as Venture Partner at IQT, the strategic investment arm of the CIA and U.S. Intelligence Community, and made investments in cybersecurity, including Veracode (acquired by CA) and Corestreet (acquired by Assa Abloy). He attended London School of Economics and earned his BA from Union College. Ben is an avid motorcycle rider and bicyclist and is married with three children.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Deidre DiamondFounder and CEO, CyberSN and Secure Diversity
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.
- Sandy BacikDirector, Audit and Compliance, CipherTechs, Inc.
Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, is CipherTechs’ Director Audit & Compliance, has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management and is a former CISO. With an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.
- Ravi ThatavarthyVP & CISO, BJ's Wholesale Club
Ravi Thatavarthy brings 20+ years of experience in Information Security to his role with a strong background in Security Architecture and building Security programs from ground up. His approach to Information Security is unique and well-balanced with a focus on ‘Business Value’ and ‘User Delight’. He recently appeared in ‘Profiles in Confidence’ as a Security leader running confident Security program. He spoke and served as a panelist in multiple conferences. Before joining BJ's, he was the Head of Information Security at iRobot, and previously led the Security, Policy & Compliance programs at Haemonetics where he worked as Director of Global Security & Policy.
- Frank DuffCybersecurity Engineer, MITRE
Frank Duff is a principal cyber operations engineer at MITRE. His work has focused in endpoint security and cyber deception. He is the current principle investigator of the Leveraging External Transformational Solutions research and development effort that seeks to assist the integration of innovative commercial cybersecurity solutions into our sponsor base.
- Jordan Fischer, InstructorFounding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data PrivacyCERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP) - Dr. Larry PonemonChairman and Founder, Ponemon Institute
Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.
Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.
Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also an appointed to two California State task forces on privacy and data security laws.
Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.
- Javed IkbalCISO & VP, Information Security & Risk Management, Bright Horizons
Javed Ikbal is the CISO at Bright Horizons. Prior to that, he held CISO positions at Upromise Rewards, GTECH, and Omgeo, and brings 20 years of information security experience in financial services, gaming, and scientific research sectors. He specializes in building or re-engineering information security programs, regulatory compliance, application security, and aligning IT and information security programs to business goals. He is the co-author of "The Laidoff Ninja" and is currently working on his next book: "Clicking Up: Building a Great Information Security Program".
- Kurt WescoeChief Architect, Wombat Security, a division of Proofpoint
As Chief Architect at Wombat Security, Kurt is responsible for ensuring Wombat's software and systems are built on a sound foundation. He brings over 10 years of experience in engineering, across multiple industries. He also serves as a faculty member in the School of Computer Science’s master’s program in e-Business at Carnegie Mellon University. Kurt earned his M.Sc. in E-Commerce from CMU, and a B.S. in Computer Engineering from the University of Pittsburgh.
- Deidre DiamondFounder and CEO, CyberSN and Secure Diversity
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.
- Nuno SousaStrategic Engineering Manager, Check Point Software Technologies, Inc.
Nuno is the Check Point Strategic Engineering Manager in the Northeast. 10+ years of experience in the cybersecurity industry. He has held various positions in the vendor, system integrator and private sector including Security Engineer, Security Architect, Security Consultant and now managing Check Point SE’s responsible for Check Point’s largest customers in the NorthEast.
- Ron WinwardSecurity Evangelist, North America, Radware
As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation. - Jim BenantiSr. Partner, Consulting Engineer, Arbor Networks
Jim comes to Arbor with over 20 years in the security field as a Pre-Sales Engineer, Sales Representative, Competitive Analyst, and Solutions Consultant. He has been with Arbor for the past six years, where he currently is a Sr. Partner Consulting Engineer.
Jim received his Bachelor’s degree from Clarion University of Pennsylvania and has also earned a Master’s degree from Robert Morris University. He also maintains his CISSP and ITIL certifications. Jim currently resides in the Pittsburgh area with his wife Mary and two daughters, Sarah and Maria. - William J. Malik, CISAVP, Infrastructure Strategies, Trend Micro
William Malik helps clients structure their IT environments to minimize the loss, alternation, or inadvertent exposure of sensitive information. His information technology career spans over four decades. Prior to Trend Micro, he worked at Gartner for twelve years where he led the information security strategies service and the application integration and middleware strategies service. Before Gartner, William was CTO of Waveset, an identity management vendor. He also co-authored the Cobit version 3 standard. In addition, he spent 12 years at IBM, where he worked in MVS development, testing, and business planning. William is a Certified Information Systems Auditor (CISA).
- Katie GreerCEO, KL Greer Consulting, Featured on: CNN, The O'Reilly Factor, Inside Edition, The Huffington Post, TIME Magazine, USA Today and more
Previously of the Massachusetts Attorney General's Office and MA State Police, Katie Greer travels the country presenting to hundreds of thousands of law enforcement, communities, school staff/administration and students on the trends, safety and best digital safety/social media practices. Katie serves as a media industry expert, and has been featured on CNN, The O'Reilly Factor, The Meredith Vieira Show, Inside Edition, and in media such as The Huffington Post, TIME Magazine, The Boston Globe, USA Today, Proctor & Gamble, Parents Magazine, and more.
- Margie ZukSr. Principal Cybersecurity Engineer, MITRE
Margie Zuk is in the Cybersecurity Solutions and Information Technology Technical Centers at The MITRE Corporation. She leads MITRE’s support to FDA on medical device cybersecurity and preparedness and response and is developing a Common Vulnerability Scoring System rubric tailored to medical devices. Margie has a Bachelor of Arts in Mathematics from the College of Mt. St. Vincent, and a Master of Science in Computer Science from Stevens Institute of Technology.
- Penny ChaseSr. Principal Scientist, MITRE
Penny Chase is in the Cybersecurity Solutions and Information Technology Technical Centers at The MITRE Corporation. She leads MITRE’s support to FDA on medical device cybersecurity and preparedness and response, and is developing a Common Vulnerability Scoring System rubric tailored to medical devices.
- Sue BergamoCIO & CISO, BTE Partners
A global CIO & CISO, Sue brings broad technology and operational experience to help companies secure and grow through innovation, and optimization in cloud, on-prem environments and acquisition. She’s held strategic positions at Microsoft, ActiveCampaign, Precisely, Episerver, Aramark, and CVS Pharmacy. Sue is the author of "So, You Want to be a CISO?" and is a sought-after speaker, investor, executive advisor and a multiple industry award winner in cybersecurity.
- Thomas HartCISO, Cyber Guide LLC
Thomas F Hart - Tom has been in the IT field since 1978(EDP), starting as a programmer trainee (Assembler and COBOL). First computer worked on was an IBM360 system (PCs were a long way off). He has been a Programmer, Systems Analyst, Operating Systems Programmer, Network Systems Programmer, DR / BCS Specialist, IT Auditor, GRC, Sr. Security Analyst, Contractor/Consultant, Security Conference Panelist- Moderator-Organizer-Speaker. Tom has been involved in the InfoSec community via ISC2, ISACA, SANS, HOPE, BSides, Secure World and others. He has worked in the Banking, Defense, Utilities, Gov. and Health Care industries in his career. Most recently he has founded Cyber Guide LLC consulting firm.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes