Wednesday, March 27, 2019
7:00 am
Registration open
Registration Level:
- Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
[Topic] 2020 State of Cybersecurity
Registration Level:
- VIP / Exclusive
8:00 am - 9:15 am
Location / Room: 109
This opportunity is for our Advisory Council members only.
8:00 am
SecureWorld PLUS Part 1 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
Earn 16 CPEs With This in-Depth 3-Part Course
The Bald Futurist, Former Chief Evangelist and Futurist, Intel
Registration Level:
- SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 108
In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.
Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs
AGENDA
Introductions
Artificial Intelligence: How AI will reshape every business, including yours
Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.
Blockchain beyond crypto-currencies: Your foundation to create new business value
Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trustless world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy. Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.
Futurecasting Workshop
In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.
8:00 am
[SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
Earn 16 CPEs With This in-Depth 3-Part Course
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level:
- SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 105
The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:00 am
[SecureWorld PLUS] Part 1 - Cloud Security Essentials
Earn 16 CPEs With This in-Depth 3-Part Course
Director of Infrastructure and Database Services, The University of Massachusetts
Registration Level:
- SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 107
Joe Fontecchio has developed a 4.5-hour SecureWorld PLUS training class that reviews the different cloud deployment and service models in the industry today and what steps we need to take as security professionals to ensure the protection of our data and services in the cloud. Below is a list of the topics discussed during the 4.5-hour session.
Introduction to the Cloud and Common Definitions
Identity and Access Management
Data Life Cycle: Create, Store, Use, Share, Archive and Destroy
Monitoring
Business Continuity/Disaster Recovery
Securing Your Cloud Migration Strategy
Securing IaaS, PaaS, SaaS and FaaS
Discussing Business Impacts and Consideration
Cloud Access Security Broker (CASB)
DevSecOps
8:00 am
ISSA New England Chapter Meeting and Presentation
What Are You Doing to Attract and Cultivate the Next Generation of InfoSec Professionals?
VP, Information Security; MSIA, CISSP, CCSP, Eastern Bank
President, ISSA International; CISO, NeuEon
Registration Level:
- Open Sessions
8:00 am - 9:15 am
Location / Room: 102
Join this fireside chat with the ISSA New England Chapter as they have a candid conversation with two industry veterans and two aspiring InfoSec professionals. Learn what the next generation of workers is looking for, perceptions, and topics of training, as well as what our seasoned professionals are doing to cultivate and develop their teams.
Joining co-presenters Candy Alexander and David Dumas will be students Juliana Daggett of University of Rhode Island and Kyle Hagerman and Nasar Kasirye of Mass Bay Community College.
8:30 am
Navigating the Uncharted Cybersecurity Career Path
Board Member, (ISC)2 Eastern Massachusetts; President, CyberSN
Registration Level:
- Conference Pass
8:30 am - 9:15 am
Location / Room: 104
With a growing shortage of qualified workforce, it’s a pivotal time for the cybersecurity profession to define its value and claim its space within the corporate landscape. From entry-level to C-suite, do you know what you’re worth and how to maximize your earning potential? What are the KPIs, accomplishments, and degrees or accreditations needed to advance your career?
8:30 am
Security Awareness Training: Building Your Brand
CISO, Massachusetts Bay Transportation Authority (MBTA)
Registration Level:
- Conference Pass
8:30 am - 9:15 am
Location / Room: 101
Security Awareness Training is paramount to the success of any Information Security Program, serving as a front-line defense in countering threats that may significantly impact business operations. A well-informed staff that is trained to avoid actions that may unleash the latest Phishing or Ransomware attack will lessen the frequency of harmful incidents and may exceed the capabilities of sophisticated detective and preventative controls. This presentation will focus on the process for establishing a Security Awareness program that fosters a cyber-safe culture based on a unified brand and business-centric curriculum supported by adaptive campaigns, personally relatable content, and leverages user behavior as opportunities for teachable moments.
8:30 am
LIFARS Panel: Preparing for the Inevitable: A Discussion of Case Studies in Cybersecurity Successes and Failures
CEO and Founder, LIFARS
Sr. Technical Sales Director, TrapX Security
IT Risk and Assurance Services Leader, Marcum Technology
Sr. Director, Solution Engineering, eSentire Inc.
Registration Level:
- Open Sessions
8:30 am - 9:15 am
Location / Room: 103
Most of us are familiar with some of the biggest failures in cybersecurity, yet unfamiliar with some of the best cybersecurity success stories. But does that make sense? This panel—featuring world class experts in Preparation, Defense, Breach Detection, and Incident Response phases—will discuss real-life cybersecurity success stories in a concise way that transcends industry verticals and organizational structure. Lessons learned will have attendees reporting back with an impetus of proactive strategies for effective cyber offense and defense, plus critical advice for navigating a worst-case scenario.
9:00 am
Exhibitor Hall open
Registration Level:
- Open Sessions
9:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 am
OPENING KEYNOTE — Going Digital: Building Your Strategic Roadmap for the Next Wave of Digital Transformation
The Bald Futurist, Former Chief Evangelist and Futurist, Intel
Registration Level:
- Open Sessions
9:30 am - 10:30 am
Location / Room: Keynote Theater
The next major wave of digital transformation will integrate the physical parts of your business even more intimately with the digital world, using sensors, analytics, artificial intelligence, robotics, augmented reality, 5G networking, and blockchain technology. In this talk, former Intel futurist Steve Brown presents a fast-paced, fun exploration of what it will mean to “go digital” in the next decade, and reviews the business and security strategies we will need to navigate the road ahead.
Hear from Steve as he gives a preview of what he will cover in his keynote: https://youtu.be/Er1spVCyzS8
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level:
- Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 am
Bruce Schneier book signing on the Exhibitor Floor
Quantities are limited and will be distributed on a first-come, first-served basis.
Security and Cryptography Expert and Author
Registration Level:
- Open Sessions
11:00 am - 12:00 pm
Location / Room: Exhibitor Floor
Bruce Schneier will be signing his book, Click Here to Kill Everybody.
Find him on the Exhibitor Floor at the SecureWorld Media booth.
Please note: Book quantities are limited and will be distributed on a first-come, first-served basis.
Book Synopsis:
A world of “smart” devices means the internet can kill people. We need to act. Now. Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers—from home thermostats to chemical plants—are all online. The internet, once a virtual abstraction, can now sense and touch the physical world.
As we open our lives to this future, often called the Internet of Things (IoT), we are beginning to see its enormous potential in ideas like driverless cars, smart cities, and personal agents equipped with their own behavioral algorithms. But every knife cuts two ways.
All computers can be hacked. And internet-connected computers are the most vulnerable. Forget data theft: cutting-edge digital attackers can now crash your car, your pacemaker, and the nation’s power grid. In Click Here to Kill Everybody, renowned expert and best-selling author Bruce Schneier examines the hidden risks of this new reality.
After exploring the full implications of a world populated by hyperconnected devices, Schneier reveals the hidden web of technical, political, and market forces that underpin the pervasive insecurities of today. He then offers common-sense choices for companies, governments, and individuals that can allow us to enjoy the benefits of this omnipotent age without falling prey to its vulnerabilities.
From principles for a more resilient IoT, to a recipe for sane government regulation and oversight, to a better way to understand a truly new environment, Schneier’s vision is required reading for anyone invested in human flourishing.
11:00 am
Advisory Council Roundtable: (VIP / Invite Only)
Director, Audit and Compliance, CipherTechs, Inc.
Registration Level:
- VIP / Exclusive
11:00 am - 12:00 pm
Location / Room: 109
This session is for the Boston Advisory Council / VIP only.
11:15 am
Hearing Voices: The Voice of the Cybersecurity Professional Is Finally Heard!
President, ISSA International; CISO, NeuEon
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: 103
For the third year, ISSA and ESG performed research to better understand the challenges faced by cybersecurity professionals. In this presentation, we review the results of the 2018 research, including: cybersecurity careers, key skills development sources, organizational considerations, and new trends. In this session you will learn which actions will benefit the individual professional the most.
11:15 am
[baramundi] Innovative Endpoint Management
A Holistic Approach to Vulnerability Management, Patching, OS-Upgrades and Software Distribution
Executive Sales Manager, baramundi Software USA Inc.
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: 101
Zero Day Vulnerability, Windows Feature Updates, Office 365 Migration: Are any of these topics causing you to lose sleep? This seminar will show you how you can automate OS-migrations, software deployment projects, and patch management all from one easy to use Endpoint Management Suite.
11:15 am
[Radware] Cybersecurity Pushed to the Limit
Security Evangelist, North America, Radware
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: 102
Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for
11:15 am
[Mimecast] Cyber Resilience: Making Office 365 Safer for Business
Sr. Sales Engineer, Mimecast
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: 104
What is Cyber Resilience? Cyber Resilience is the ability to defend against a myriad of advanced security threats, to back up and archive email data for fast recovery, and to provide continuous access to email even when attacks cause servers to go down.
Are you thinking about moving to the Cloud with your Email environment? Are you already in the Cloud with your Email environment? If the answer to any of these questions is Yes, then come see how Mimecast is making email safer for business. If the answer is no, come anyway! Learn how Mimecast provides true Cyber Resilience for email.
11:15 am
Leadership and Driving Change within the Organization
CISO, UMass Memorial Health Care
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: 111
Driving change is tough on the best day. Driving changes to how people perform their work in the context of limiting risk can be daunting unless the organization and the people impacted understand what value the change provides for them. Executive buy-in, governance, prioritization, and socialization are some of the most important aspects of delivering value.
11:15 am
Vulnerability Management in an Academic/Research Environment
Manager, Telecom & Network Ops, University of New Hampshire
Information Security Compliance Program Manager, University of New Hampshire
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: 110
A discussion of the challenges related to implementing a vulnerability remediation program in an open, academic environment. Touching on both the technical obstacles of delivery and remediation as well as procedural complexities.
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
Sr. Principal, Security Risk Management, Verizon
Registration Level:
- VIP / Exclusive
12:00 pm - 1:00 pm
Location / Room: 109
This session is for the Boston Advisory Council / VIP only.
Lunch will be served.
12:15 pm
LUNCH KEYNOTE: Presented by (ISC)2 - Securing a World of Physically Capable Computers
Security and Cryptography Expert and Author
Registration Level:
- Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
Computer security is no longer about data; it’s about life and property. This change makes an enormous difference, and will shake up our industry in many ways. First, data authentication and integrity will become more important than confidentiality. And second, our largely regulation-free internet will become a thing of the past.
Soon, we will no longer have a choice between government regulation and no government regulation. Our choice is between smart government regulation and stupid government regulation. Given this future, it’s vital that we look back at what we’ve learned from past attempts to secure these systems, and forward at what technologies, laws, regulations, economic incentives, and social norms we need to secure them in the future.
1:15 pm
Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level:
- Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
1:15 pm
Panel: You’ve Got Burned! Now What? (Incident Response)
Registration Level:
- Open Sessions
1:15 pm - 2:15 pm
Location / Room: 103
We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
1:15 pm
Panel: Knowledge Is Power (Encryption)
Registration Level:
- Open Sessions
1:15 pm - 2:00 pm
Location / Room: 102
Encryption: the translation of data into a secret code. Very much like the codes that Elizebeth Friedman had cracked against the rum runners and bootleggers during the Prohibition days. Our heroine was able to smash their codes and determine when the next shipments were scheduled to arrive stateside. Knowledge truly was power as Friedman was able to effectively predict the future through her diligent code breaking. The level of sophistication may have changed but the point of encryption was and still is to safeguard the data from those that are not part of the group. Our experts will discuss the importance of using encryption to keep our information secure as well as address some of the best practices and pitfalls to watch out for.
2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level:
- Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
3:00 pm
Why Can't the Business and IT Get Protection Right?
Director, Audit and Compliance, CipherTechs, Inc.
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: 101
Security is a never-ending process, so why can’t the business and IT understand that it is not once and done? Security and privacy compliance grows in regulations globally, yet we wait to see if we can run under the radar. We cannot do that anymore, and customers, individuals, and organizations are paying in more ways than one. In this session we will talk about:
• Why businesses are cutting everything
• Why outsourcing may be more important
• Things we can do to increase protection for the complete security life cycle
• Building the right controls
• Presenting the ideas to management
3:00 pm
A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
Founding Partner & Owner, Fischer Law, LLC
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: 102
A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape. The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of ever-changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that place more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations.
3:00 pm
[Cisco] Cloud Security: Stepping into the Cloud with Confidence
Consulting Systems Engineer, Cisco
Registration Level:
- Open Sessions
3:00 pm - 3:45 pm
Location / Room: 104
This presentation will discuss the evolving threat landscape that applies to enterprises as they shift to cloud-based infrastructures and direct-to-internet architectures. We will look at how security solutions must adapt to this by changing the enforcement points and providing ubiquitous control and visibility.
3:00 pm
Panel: The Unstoppable Convergence of Physical and Cybersecurity
President & CEO, Edward Davis, LLC
Rear Admiral, U.S. Navy (Ret.), President, Spinnaker Security LLC; ACSC Board Clerk
CEO & Founder, CYBRIC
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: 103
The convergence of physical and cybersecurity has become the gold standard for maximized protection and risk management. The popularity of IoT devices for physical security creates an entirely new set of vulnerabilities that hackers use to exploit systems. These new security devices are a liability but, implemented properly with the combination of physical and cybersecurity, can be a security benefit to an organization.
Convergence prevents physical and information security teams from seeing vulnerabilities from only one perspective, improving response rates to incidents that straddle real-world and IT-based systems. Convergence strengthens an organization’s defenses against escalating threats.
Attendees will hear from veterans of the public and private sectors—including the military, law enforcement and technology—how a holistic view of security will better prepare their organizations against tomorrow’s bad actors and threats.
3:00 pm
SecureWorld PLUS Part 2 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
SecureWorld PLUS Registrants ONLY
The Bald Futurist, Former Chief Evangelist and Futurist, Intel
Registration Level:
- SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: 108
In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.
Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs
AGENDA
Introductions
Artificial Intelligence: How AI will reshape every business, including yours
Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.Blockchain beyond crypto-currencies: Your foundation to create new business value
Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy. Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.
Futurecasting Workshop
In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it.” So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.
3:00 pm
[SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level:
- SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: 105
The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
3:00 pm
[SecureWorld PLUS] Part 2 - Cloud Security Essentials
SecureWorld PLUS Registrants ONLY
Director of Infrastructure and Database Services, The University of Massachusetts
Registration Level:
- SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: 107
Joe Fontecchio has developed a 4.5 hour SecureWorld PLUS training class that reviews the different cloud deployment and service models in the industry today and what steps we need to take as security professionals to ensure the protection of our data and services in the cloud. Below is a list of the topics discussed during the 4.5 hour session.
Introduction to the Cloud and Common Definitions
Identity and Access Management
Data Life Cycle: Create, Store, Use, Share, Archive and Destroy
Monitoring
Business Continuity/Disaster Recovery
Securing Your Cloud Migration Strategy
Securing IaaS, PaaS, SaaS and FaaS
Discussing Business Impacts and Consideration
Cloud Access Security Broker (CASB)
DevSecOps
4:00 pm
Happy Hour Reception
Join GuidePoint and Partners for post SecureWorld social hour.
Registration Level:
- Open Sessions
4:00 pm - 7:00 pm
Location / Room: Kings Dining & Entertainment
Join GuidePoint and Partners for a social hour after Day 1 of SecureWorld. Come discuss the day’s events, network with security peers, and enjoy beverages, hors d’oeuvres, entertainment, and prizes.
Kings Dining & Entertainment
50 Dalton St, Boston, MA 02115
4-7 p.m.
Compliments of GuidePoint Security and Pavilion Partners: Agari, Bitglass, Crowdstrike, Exabeam, Expanse, Forescout, Gemalto, Insights, Okta, OneLogin, SentinelOne, Signal Sciences, Splunk, Symantec, Tenable, Varonis, Cybereason, Venafi, Cylance, Digital Shadows, Kenna, Gigamon, Virtisec, Security Scorecard, PKware, Checkmarx, Skybox, Guardicore, Netskope, Thales, Demisto, Imperva, Spirion
- Thursday, March 28, 2019
7:00 am
Registration open
Registration Level:
- Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
SecureWorld PLUS Part 3 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
SecureWorld PLUS Registrants ONLY
The Bald Futurist, Former Chief Evangelist and Futurist, Intel
Registration Level:
- SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 108
8:00 am
[SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level:
- SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 105
8:00 am
[SecureWorld PLUS] Part 3 - Cloud Security Essentials
SecureWorld PLUS Registrants ONLY
Director of Infrastructure and Database Services, The University of Massachusetts
Registration Level:
- SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 107
8:00 am
Exhibitor Hall open
Registration Level:
- Open Sessions
8:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:30 am
InfraGard Chapter Meeting - Open to all Attendees
Presentation: Implementing a ‘Zero Trust’ Approach for Securing Your Enterprise Environments
Principal Cyber Architect, U.S. Federal Government, Symantec
Registration Level:
- Open Sessions
8:30 am - 9:15 pm
Location / Room: Keynote Theater
Discover your local associations – join InfraGard for their chapter meeting and presentation.
Zero Trust is an architectural model that guides security teams on how to apply Zero Trust tenets to address the modern threat landscape. The model advocates a holistic approach to information security and puts special focus on processes and technologies that secure your data, wherever it resides. The objective is to strengthen data security and obfuscation – to limit risk derived from excessive user privileges and access. Benefits also include improved security detection and response with analytics and automation. Understanding key concepts at a high level is one thing. Properly implementing the model can be much more challenging. This presentation will therefore examine each of the requirements for adopting a Zero Trust model across the entire security stack. Key considerations as you plan your Zero Trust programs will be covered in detail along with the benefits of a platform versus fragmented approach to establishing a mature Zero Trust architecture.
8:30 am
Information Security and Risk Management: A Decision Support Tool, a Cultural Change Agent, the Answers to the Quiz About Truly Knowing
VP & CISO, Blue Cross Blue Shield of Massachusetts
Registration Level:
- Conference Pass
8:30 am - 9:15 am
Location / Room: 101
Effective ways to position your Security and Risk programs for relevance and success. Tell your story to demonstrate the value you add and how you align to, support and enhance business objectives. Creating internal business relationships that turn critics into partnerships. The ultimate goal is to create a culture of change, awareness and shared accountability.
8:30 am
Blockchain and Data Protection Laws: Can They Co-Exist?
Founding Partner & Owner, Fischer Law, LLC
Registration Level:
- Conference Pass
- SecureWorld Plus
8:30 am - 9:15 am
Location / Room: 102
Blockchain and Data Protection Laws: Can they Co-Exist? With the increasing emphasis on data privacy, and the adoption of data protection regulations, Blockchain faces hurdles in complying with these regulatory obligations while allowing for the continued evolution of the technology. This presentation will discuss the ways in which Blockchain needs to take into account core privacy principles, and discuss the practical implications of various data protection regulations, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regulatory requirements.
8:30 am
[SSH] 5 Ways to Bypass PAM
Senior Solutions Architect, SSH.COM
Registration Level:
- Open Sessions
8:30 am - 9:15 am
Location / Room: 104
Let’s learn about how unmanaged credentials over the past 10+ years could still be accessible to insider and outsider threats and how to clean up a commonly ignored or even forgotten issue. Moving forward with fast, agile privileged access still requires cleaning up the messy past.
8:30 am
Why Move? Lessons Learned Working Internationally in APAC
Research Security Officer, Massachusetts Institute of Technology
Registration Level:
- Conference Pass
8:30 am - 9:15 am
Location / Room: 103
What’s the best way to learn more about another company or department outside of the US that you do business with? Why not embrace, make changes and move yourself there to experience everything? Learn more about the challenges faced (pros and cons) and lessons learned. Bring your questions to this session. This will be a very informative session that talks about the experiences learned and some recommendations of things to do now and be cognizant of.
9:30 am
OPENING KEYNOTE: [Cisco] The Birth of Crypto Has Changed the Threat Landscape
SE Manager, Cloud Security, Cisco
Registration Level:
- Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
The birth of cryptocurrency has changed the threat landscape, making it easier for malicious actors to get paid and remain anonymous. The days of ransomware are not over, but the more ominous threats facing us now are cryptojacking, miners, and phishing. With the rocketing crypto market cap soaring up to $835 billion this year, the name of the game is computing power and actors are using your environment.
Learning Objectives:
1: Understand why cryptojacking is happening in corporate environments and indicators of compromise
2: Learn preventative measures and how to remediate if actors have compromised your environment
3: Learn how to secure cloud computing resources and protect against malicious JS injections
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level:
- Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 am
Advisory Council Roundtable - (VIP / Invite Only)
Sr. Cybersecurity Advisor, Sage Data Security
Registration Level:
- VIP / Exclusive
11:00 am - 12:00 pm
Location / Room: 109
This session is for our Advisory Council / VIP only.
11:15 am
A New Rubric for IT Recruiting and Retention
Director, Information Security Education & Consulting, Harvard University
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: 103
From lengthy vacancies in unfilled positions to a choice of strong candidates within weeks of job listings. Hear how Harvard Information Security and Harvard WIT (Women in Technology) are leading a culture shift in our IT community that extends from recruiting through promotion. Participants will explore useful resources and techniques to remove inadvertent biases in your processes, so you can better attract, retain, and develop strong talent and inclusive teams in your organizations. We explore job postings, marketing, interview processes, selection criteria, apprenticeship opportunities, and mentoring programs.
11:15 am
EU GDPR: Enforcement Landscape, Key Security Risks, and Recommendations
Partner, Park Legal LLC
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: 101
The GDPR has been in effect since May 25, 2018. Hear from a presenter who sits on a team with the EU and other data protection regulators about the number of complaints and security breach reports that various EU member states have received since the GDPR took effect, as well as enforcement under that regulation. The presenter will also discuss key triggers for enforcement, particularly in relation to IT security, and will provide recommendations to help organizations successfully address the complex GDPR and member state requirements for IT security.
11:15 am
[Rapid7] A Field Guide to Measuring Internet Exposure with Industry Examples from the Fortune 500
Sr. Director, Chief Security Data Scientist, Rapid7
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: 111
11:15 am
[GuidePoint Security] Principles of an Effective Cloud Security Strategy
Practice Director, Cloud Security, GuidePoint Security
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: 104
With public cloud continuing to rapidly expand through the release of new services, deployment models, and architectures, information security organizations continue to find themselves looking for effective cloud security controls. GuidePoint’s Cloud Security Practice Director will describe how organizations have identified cloud security controls, designed frameworks and maturity models, and have implemented effective strategies based on real world experience and leadership.
11:15 am
Lessons from Lighthouse Keepers
CISO, Steward Health Care
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: 102
In this session, let’s discuss the cybersecurity transformation of a large, complex enterprise and identify recommendations for anyone looking to kickstart a similar effort.
The Partners HealthCare “Lighthouse” project provides Partners’ employees, physicians, residents, researchers, and staff with the requirements and the best practices for securing patient information and critical business systems. The project dates from 2011 and includes periodic checkpoints with trusted third parties to validate the maturity and effectiveness of the program.
11:15 am
ACP Chapter Meeting and Presentation - Open to all Attendees
President, Greater Boston Chapter, Association of Continuity Professionals (ACP)
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: 110
Interested in your local associations? Join ACP for their chapter meeting and presentation.
Presentation Details Coming Soon
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
Registration Level:
- VIP / Exclusive
12:00 pm - 1:00 pm
Location / Room: 109
12:15 pm
[LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2020
Head of Research, Threat Intelligence Division, Radware
Registration Level:
- Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
A presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2020:
- What is the attack surface of the public cloud?
- Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
- How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
- What is Next Gen WAF and when should I consider it?
- What are automated threats and how to protect against the 4th generation bots?
- Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
- What will be the impact of 5G on application security and availability?
Presentation outline
A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.
The Top 10 security facts for 2019/2020:
- The Attack Surface of the Public Cloud is defined by Permissions
- The Insider threat of the Public Cloud is the Outsider
- HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
- WAF does not keep up with Cloud Native Applications
- East-West Traffic is getting Encrypted
- Attackers are getting Automated
- Attacks are getting more Sophisticated
- APIs are the new Front-end
- Machine and Deep Learning become essential for Threat Detection
- 5G will fuel the next IoT Explosion
Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in the following categories:
1. Cloud infrastructure abuse
2. Data breaches through publicly exposed S3 buckets
3. Ransom of poorly secured cloud data services
4. Cloud Infrastructure owning and wiping
5. Cloudification of DDoS attacks
6. Automated threats
A quick run through of the top 10 security facts.
The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:
- Migrating to the cloud
- Cloud Native Applications
- Automated Threats
- 5G/IoT Intersection
Each chapter is summarized with the top security facts that were demonstrated throughout the discussion
1:15 pm
Panel: Access Control – The End of the Password?
Registration Level:
- Open Sessions
1:15 pm - 2:15 pm
Location / Room: 102
“Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
1:15 pm
Panel: The Battle for the Endpoint Continues (Endpoint Security)
Registration Level:
- Open Sessions
1:15 pm - 2:15 pm
Location / Room: 103
What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V, maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
1:15 pm
Panel: Shifting Landscape of Attack Vectors
Registration Level:
- Open Sessions
1:15 pm - 2:00 pm
Location / Room: Keynote Theater
If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level:
- Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pm
Dash for Prizes & CyberHunt
Registration Level:
- Open Sessions
2:30 pm - 2:45 pm
Location / Room: Exhibitor Floor
Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win
3:00 pm
Security Challenges: Rolling out a Cloud Offering Across a Global Organization
VP, Security Engineering Solutions Team, State Street Corporation
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: 101
This presentation will highlight the challenges that all organizations, local or global, will face when planning and implementing a Cloud Offering Solution. Particular focus will be placed on securing the organization’s data. We will examine what steps to take to protect data in the cloud when implementing the cloud solution.
3:00 pm
UNH’s Perfect Storm: Managing the Rapidly-Evolving Identity Threat Landscape
Information Security Compliance Program Manager, University of New Hampshire
Identity and Access Management Program Manager, University of New Hampshire
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: 103
Identity & Access Management (IAM) in higher education can be a challenging landscape with evolving business and technical requirements, limited resources, and a rapidly-evolving threat landscape and attack surface. We are the size of a Fortune 500 company with the complexity and compliance requirements of a small city and the budget and staffing of a large non-profit. This session will cover the University of New Hampshire’s challenges in bringing IAM to industry standards that align with the higher education environment, and how they are solving those challenges today and positioning the university for the future.
3:00 pmWorkplace Violence: Preparation Is KeyCIO & CISO, BTE PartnersRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 104In this presentation, we’ll look at the statistics of what has happened and try to make sense of why these types of attacks continue to increase. Then we’ll discuss how companies can prepare themselves for an unthinkable physical security breach.
- ACP – Greater Boston
Booth:
ACP is a professional organization that provides a forum for the exchange of information and experiences for business continuity leaders. We serve the greater Boston area, including Rhode Island and southern New Hampshire. Meetings are held on the second Wednesday of every month (except July & August). We invite you to attend our next meeting.
- AccessIT Group
Booth: 520
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Agari
Booth: Pavilion: 410
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover.
- Alert Logic
Booth: 708
Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.
- APCON
Booth: 525
APCON, an industry leader in network visibility and security solutions, provides an unparalleled level of confidence to enterprise and midsize businesses seeking network insights for enhanced investigation, threat detection and response. Our customers include Fortune 1000 companies to midsize organizations as well as government and defense agencies. Organizations in over 40 countries depend on APCON solutions.
- AppViewX
Booth: 702
AppViewX is the most advanced certificate and key lifecycle automation platform. With their certificate lifecycle automation and management platform, CERT+, your enterprise can protect itself from cyber-attacks that can happen easily due to misused keys or expiring certificates. AppViewX CERT+ provides automated discovery, enrollment, monitoring, validation, expiry notification, renewal, provisioning, remediation, reporting and revocation of SSL/TLS certificates across networks including app servers, web servers, ADCs, proxies, firewalls, client and mobile devices. CERT+ helps enterprise IT manage and automate the entire lifecycle of their internal and external PKI.
- ARMA Boston
Booth:
ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.
ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.
- Armis, Inc
Booth: 523
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- ASIS
Booth:
ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org
- Atlantic Data Security
Booth: 118
Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.
- AttackIQ
Booth: Pavilion: 413
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to identify security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat Informed Defense.
- baramundi software USA, Inc.
Booth: 521
baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.
The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.
Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.
- BeyondTrust
Booth: Pavilion: 424
BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.
The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. We are trusted by 20,000 customers, including 78 of the Fortune 100, and a global partner network.
- Big Switch Networks
Booth: 603
Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM, container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.
- Bitdefender
Booth: 505
Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.
From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
- Bitglass
Booth: Pavilion: 416
Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.
Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.
- BlackBerry Cybersecurity
Booth: TBD
BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.
- Secure Diversity
Booth: 204
Secure Diversity is an innovative non-profit organization with leaders that think out of the box who have created strategies & solutions in placing qualified women and underrepresented humans into cybersecurity roles. We foster gender diversity, equity, and inclusion in the cybersecurity industry through conferences, networking, mentoring, professional development, and community outreach. One of our primary goals is to raise awareness and increase the number of women and underrepresented humans in the cybersecurity workforce. Founded in 2015 by Deidre Diamond; our mission is the equal representation of women and men in the cybersecurity workforce by engaging and collaborating with organizations and businesses to improve the recruitment and retention of women; utilize marketing and social media platforms to raise awareness of women in cybersecurity careers; remove cybersecurity institutional barriers and innovate new strategies to leverage existing resources.
- Bugcrowd Inc.
Booth: 223
By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.
- Carbon Black
Booth: 611
Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud
Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.
- Checkmarx Inc.
Booth: Pavilion: 414
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- Check Point Software Technologies
Booth: 102
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cisco
Booth: 514
Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.
- Cloud Security Alliance (CSA)
Booth: 213
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- Cofense
Booth: Pavilion: 425
Cofense® provides the world’s most effective email threat detection and remediation solutions. Cofense PhishMe® and the Cofense Phishing Detection and Response Platform (PDR), are powered by over 35 million Cofense-trained employees who report phishing and other dangerous email threats in real time. Exclusive to Cofense, our network detects and eradicates threats other email security systems miss and removes them from our customer inboxes. For more information, visit www.cofense.com or connect with Cofense on X and LinkedIn.
- Code42
Booth: 205
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- ColoSpace
Booth: 225
ColoSpace is a leading provider of Colocation, Managed IT and Cloud Solutions. Its impressive customer list includes some of the world’s largest financial services, healthcare, and high tech companies. ColoSpace specializes in delivering flexible solutions in secure, highly-available environments.
- Comodo Cybersecurity
Booth: 607
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- CrowdStrike
Booth: Pavilion: 304
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- CSPi
Booth: 118
At CSPi we are committed to helping our customers meet some of computing’s most demanding performance, availability and security challenges.
Today’s security teams receive a great deal of real-time information and intrusion alerts, generated from their security equipment and tools; yet, the volumes of data make it nearly impossible for incident response teams to validate a data breach. With our Myricom nVoy Series solution we offer our customers a new approach to cyber threat identification and investigation – a rapid breach response solution that identifies alerts associated with a specific asset and provides an extraction of the entire set of conversations associated with that breach. This detailed data is crucial in performing timely and accurate analysis needed to comply with data-privacy regulations such as GDPR, PCI DSS, HIPAA, SOX, and 48 different U.S. state laws related to PII.
- CyberArk Software
Booth: 515
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- Cybereason
Booth: Pavilion: 104
Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.
- CyberSaint
Booth: 118
CyberSaint Security helps organizations streamline cybersecurity risk and compliance through its automated, intelligent integrated risk management platform. Based in Boston, Massachusetts, our team’s intellectual DNA winds deeply through leading academic, tech and investment communities, the White House, RSA, IBM, EMC, KPMG, MIT, Harvard, and more. With CyberStrong, CISOs’ cybersecurity programs are as actionable and measurable as any other business function, and security and business leaders align to build cybersecurity resilience and boost productivity. Our mission is to empower organizations to manage cybersecurity as a business function through the adoption of powerful technology that enables measurement, enhances communication and improves resiliency.
- Cylance
Booth: Pavilion: 420
Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.
- Darktrace
Booth: 712
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- Delta Risk
Booth: 706
Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.
- Demisto
Booth: Pavilion: 106
Demisto is the only Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation into a seamless experience. By using Demisto, security teams can build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.
- Digital Shadows
Booth: Pavilion: 412
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.
- EC-Council
Booth: TBD
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- enSilo
Booth: 524
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- Envision Technology Advisors
Booth: 503
Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.
- eSentire, Inc
Booth: 617
eSentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business-disrupting events. Protecting more than $6 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.eSentire.com and follow @eSentire on Twitter.
- Exabeam
Booth: Pavilion: 407
Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.
- Expanse
Booth: Pavilion: 415
Expanse is a SaaS company that continuously discovers, tracks, and monitors the dynamic global Internet Edge for the world’s largest organizations. We surface and help remediate Internet Edge risks to prevent breaches and successful attacks.
- Fidelis Cybersecurity
Booth: 602
Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.
By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.
- FireMon
Booth: 217
FireMon is the only agile network security policy platform for hybrid cloud enterprises. FireMon delivers persistent network security for multi-cloud environments through a powerful fusion of real-time asset visibility, compliance and automation. Since creating the first-ever network security policy management solution, FireMon has delivered command and control over complex network security infrastructures for more than 1,700 customers located in nearly 70 countries around the world. For more information, visit www.firemon.com.
- ForeScout Technologies, Inc.
Booth: Pavilion: 112
ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.
- Fortinet
Booth: 504
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- G2 Deployment Advisors
Booth: 203
G2 Deployment Advisors is comprised of a team of technology professionals with over 35 years of experience in enterprise solution implementation, process design, deployment, training and sales. G2’s model is to provide the highest level of expertise and representation for the solutions it provides. What you will find here are fully vetted solutions with people who know exactly how to support them. All the way from ensuring that you buy exactly what you need, through the design phase to deployment, and finally support.
- Garland Technology
Booth: 118
Garland Technology provides the foundation to network visibility with a range of network TAPs and packet brokers. Our products deliver effective physical layer access for in-line and out-of-band monitoring solutions providing you access and visibility to see every bit, byte, and packet®. Let us design your visibility plane, connecting your network and security tools.
- Gemalto
Booth: Pavilion: 320
Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.
- Gigamon
Booth: Pavilion: 114
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- Global Cyber Alliance
Booth:
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- GuardiCore (Booth: Pavilion: 325)
Guardicore is a data center and cloud security company that protects an organization’s critical assets using flexible, quickly deployed, and easy to understand segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security for any application, in any IT environment – including IaaS, PaaS, on-premises VMs & legacy bare-metal servers. Guardicore was founded in 2013 with the goal of reinventing security to place greater emphasis on security beyond the traditional network perimeter.
- GuidePoint Security LLC (Booth: 303)
GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com
- HTCIA (Booth: 214)
Investigators on the Leading Edge of Technology
The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.
- HUB Tech (Booth: 116)
HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.
Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.
- IBM (Booth: 619)
Digital is the wires, but digital intelligence, or artificial intelligence as some people call it, is about much more than that. This next decade is about how you combine those and become a cognitive business. It’s the dawn of a new era.
- Illumio (Booth: 216)
We built the Illumio Adaptive Security Platform (ASP)™ to provide unprecedented visualization and control of enterprise applications. Our system constantly inspects and adapts to the computing environment it is protecting, without pause.
Moreover, since 75 percent of computing interactions never leave the data center, our customers can now have complete visibility behind the firewall, whether it is running in their data center or the vibrant public cloud services of Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, and many others.
- Illusive Networks (Booth: Pavilion: 408)
Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense ability while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with over 50 years of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.
- Imperva (Booth: Pavilion: 311)
Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.
- InfoSec-Conferences.com (Booth: n/a)
We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.
- InfraGard Boston (Booth: 206)
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
- Integration Partners (Booth: 623)
We know and understand you have options when choosing the right partner. Networking technology alone isn’t a differentiator, it’s how we do business with you. We’ve curated the best solutions not just to support IT needs, but to support your business strategy. Our culture is one that influences the customer experience. We never stop improving, and so we will never let you fall behind. From this simple and often overlooked practice, we believe the greatest customer relationships come from our mutual and shared strategies. Now just think… WHAT’S POSSIBLE.
- IntraSystems (Booth: 704)
IntraSystems is a highly respected IT consulting company, managed services provider, and systems integrator that specializes in the deployment and delivery of IT infrastructure, virtualization services, security, and cloud solutions. IntraSystems has the proven expertise in solving the many technology challenges that companies face today, such as keeping up with the evolving security landscape, migrating to the cloud, and compliance requirements.
- Institute of Internal Auditors (IIA)
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.
- IntSights (Booth: Pavilion: 322)
IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.
- IOvations (Booth: 609)
IOvations, founded in 2006, is a value added reseller focused on protecting the data, infrastructure and applications of our customers through a combination of services and products that extend to the end point, traditional network and cloud environment. Some of the things that make us unique include multiple industry awards, a long history of working with clients who appreciate how easy we are to work with, and our strong engineering expertise providing value and thought leadership.
- ISACA (Booth: 207)
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
- ISC2 (Booth: 222)
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- ISSA New England (Booth: 215)
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.
Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.
Visit the National Headquarters’ website at www.issa.org.
- Ixia, a Keysight Business (Booth: 621)
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Jazz Networks (Booth: Pavilion: 471)
Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.
- Juniper (Booth: 714)
Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.
Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.
While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.
- Kenna (Booth: Pavilion: 403)
Kenna was built on the premise that cyber risk must be managed as an enterprise-wide effort. We believe cyber risk can only be effectively mitigated when the whole organization works as one, focused in the same direction and on the right target.
- Lastline (Booth: 507)
Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.
- Lifars (Booth: 617)
LIFARS is an Incident Response, Digital Forensics, Ransomware Mitigation and Cyber Resiliency firm servicing all industries and companies of all sizes. LIFARS’ technical expertise spans decades of experience on high-profile cases and interaction with all brands of malicious actors, including the most cyber-sophisticated Nation States. The firm is among the most trusted by law enforcement, working with and for Intelligence Agencies such as the US Secret Service, FBI, DHS, Interpol, Europol and NATO.
- LogRhythm (Booth: 604)
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
- Lookout (Booth: 220)
Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.
- Malwarebytes (Booth: 625)
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- Marcum (Booth: 617)
Marcum Technology is a technology integrator specializing in security, data protection and consulting. We are a full service technology integrator that provides valuable skills and resources to some of the largest organizations in a variety of industries. Our expertise and commitment to quality are why our clients come and stay with us.
- Military Cyber Professionals Association (MCPA)
The Military Cyber Professionals Association is dedicated to developing the American military cyber profession and investing in our nation’s future through STEM education. We are working towards an American military cyber profession that is accomplishing what our nation needs, expects, and deserves. Our goal is to secure cyberspace for military, economic, and private individual pursuits.
- Mimecast (Booth: 620)
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- Netskope (Booth: Pavilion: 409)
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- Nexum (Booth: 622)
Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio, and Wisconsin, as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.
- Nyotron (Booth: 509)
Nyotron provides the industry’s first OS-Centric Positive Security to strengthen laptop, desktop, and server protection. Unlike all other approaches, our patented technology does not care about the type of threat or the attack vector, allowing us to provide ultimate protection by stopping the intended damage.
Founded in 2012, Nyotron is headquartered in Santa Clara, CA with R&D in Israel. Nyotron has earned a top score of 5 stars from SC Magazine in its review of Endpoint Security Platforms, won GOLD in the 2017 IT World Awards for Endpoint Security and was designated as the 2017 HOT COMPANY in Endpoint Security by Cyber Defense Magazine.
- OCD Tech (Booth: 517)
At OCD Tech, we provide independent and objective assurance of your IT controls. Using industry recognized frameworks, such as NIST and the CIS Top 20, we assess your company’s technology risks and evaluate existing controls for risk mitigation. Your business processes are constantly evolving. We ask you, are your IT controls keeping up?
- Okta (Booth: Pavilion: 313)
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- OneLogin (Booth: Pavilion: 423)
OneLogin manages and secures millions of identities around the globe by bringing speed and integrity to the modern enterprise with an award-winning Identity & Access Management (IAM) solution. Our Trusted Experience Platform secures connections across users, devices, and applications, helping enterprises drive new levels of business integrity, operational velocity, and team efficiency across all their cloud and on-premise applications.
- Oort (Booth: 722)
Oort is an early-stage Boston-area startup focused on the intersection of Edge Computing and Cybersecurity. They are pioneering a new model for efficiently delivering security-as-a-service for remote workers, IoT devices, and branch offices using hundreds of globally-distributed data centers at the Edge of the Internet.
- Optiv (Booth: 606)
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- Palo Alto Networks (Booth: 623)
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
- PKWARE (Booth: Pavilion: 323)
PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.
PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.
- Preempt Security (Booth: 221)
Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach empowers security teams with more visibility & control over accounts and privileged access, to achieve compliance and auto-resolve incidents. Learn more: www.preempt.com.
- Presidio (Booth: 604)
Presidio is the premier provider of digital transformation solutions built on agile secure infrastructure deployed in a multi-cloud world with business analytics.
- PreVeil (Booth: 722)
PreVeil applies end-to-end encryption in a radically different way. We protect organizations’ email & files from phishing, spoofing, BEC & more. Seamless for users. Easy for admins.
- ProcessUnity (Booth: 716)
ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.
- Qualys, Inc. (Booth: 506)
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.
- Radware (Booth: 614)
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- Rapid7 (Booth: 612)
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- Recorded Future (Booth: 512)
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- Riverbed (Booth: 102)
Riverbed is in the business of delivering holistic and impactful performance to its customers in today’s digital era. Today, performance is measured in many ways including: agility to solve new problems, insight into new customers and industries, improving time to market, increasing productivity, enhancing the customer experience, and security to ensure the most important applications are always running. As companies look to the cloud and beyond to fuel digital services and their business, Riverbed has designed products and solutions to create the connections and provide the network architecture necessary to maximize digital performance, drive impactful business outcomes and rethink possible.
- Safe-T (Booth: 203)
Safe-T® protects and secures your data and puts you in complete control of who sees the data and how the data is accessed and exchanged.
- SailPoint (Booth: 710)
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- SecurityScorecard (Booth: Pavilion: 306)
SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.
- SentinelOne (Booth: Pavilion: 324)
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- SEWORKS (Booth: Pavilion)
SEWORKS provides offensive and defensive app security that ensures apps are safe from dangerous hacking threats that can destroy intellectual property and expose sensitive user information.
As six-time DEFCON CTF (Capture The Flag) finalists, we know the best way to stop a hacker is to think like one. SEWORKS was founded in 2013 by a group of world-class security experts and white hat hackers to provide elite protection for applications. We are dedicated to continually advancing the state of app security for developers on Web, iOS, Android, Unity, and many other platforms. Our mission is to empower developers to focus on building great products by providing comprehensive and easy-to-use security solutions. SEWORKS is backed by Softbank Ventures, Qualcomm Ventures, Samsung Ventures, and more.
- Siemplify (Booth: 605)
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE: In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them on rapid decision making.
- Signal Sciences (Booth: Pavilion: 312)
Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform. Built by practitioners, for practitioners, it is the only solution that works seamlessly across any cloud and infrastructure. The company is headquartered in Culver City, CA. For more information, please visit www.signalsciences.com.
- SIM Boston (Booth: 209)
At the Boston Chapter of SIM, we provide leading information technology executives, consultants, and academics with a place to share ideas. Our collaborative community shares best practices, trends and lessons learned for you: the person that is responsible for shaping and influencing the future of IT and IT management.
Our goal is to provide you with access to a robust community of the area’s top IT leaders so you can exchange ideas, share best practices, and stimulate your mind. As a senior-level IT professional providing both strategic and tactical direction to your division on a daily basis, you need someplace to turn for advice, answers, and guidance, too.
- Skybox Security (Booth: Pavilion: 317)
Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.
- Sonatype (Booth: 522)
Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.
- Spirion (Booth: Pavilion: 421)
Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.
- SSH Communications Security (Booth: 613)
As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com
- Splunk, Booth: Pavilion: 302
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- Symantec, Booth: Pavilion: 309
Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.
- Synack, Booth: 624
Synack is the leader in smart crowdsourced security testing: One comprehensive platform includes vulnerability scanning, vetted red-teaming, bug bounty incentives, risk scoring analytics, insightful reports to ease remediation and compliance checks. Reduce your cyber risk with Synack as part of your security team.
- TBG Security, Booth: 502
TBG Security is your trusted advisor when it comes to cybersecurity. We have been providing risk management solutions since 2003 to ensure your business is minimizing uncertainty in an increasingly hostile information environment. Whatever the IT security goal, TBG Security’s Information Security Advisors work with you to determine your requirements and tailor a straightforward plan of action to improve your organization’s overall security posture. Our continuous commitment to new technologies and decades of threat avoidance experience make us the first choice of Fortune 1000 companies for cybersecurity consulting services.
- TechTarget, Booth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Tenable, Booth: Pavilion: 308
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- Thales, Booth: Pavilion: 316
As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.
- TrapX Security, Booth: 617
TrapX Security is the pioneer and global leader in cyber deception technology. Their DeceptionGrid solution rapidly detects, deceives, and defeats advanced cyberattacks and human attackers in real-time. DeceptionGrid also provides automated, highly-accurate insight into malicious activity unseen by other types of cyber defenses. By deploying DeceptionGrid, you can create a proactive security posture, fundamentally halting the progression of an attack while changing the economics of cyberattacks by shifting the cost to the attacker. The TrapX Security customer-base includes Forbes Global 2000 commercial and government customers worldwide in sectors that include defense, healthcare, finance, energy, consumer products, and other key industries.
- Trend Micro, Booth: 508
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Tufin, Booth: 716
As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.
- University of Massachusetts, Booth: 218
The University of Massachusetts System Office (UMSO), which includes the Office of the President and Central Administrative Services, provides overall leadership to the University, coordinates with the campuses on various academic and financial initiatives, and provides shared services in the areas of information technology, treasury, and procurement, among others.
The System Office represents the University in various ways (including but not limited to) with the Governor, Legislature, executive branch agencies, the federal government and professional organizations. It also coordinates academic affairs across the campuses and management and fiscal affairs including efficiency and effectiveness efforts, budgeting and forecasting, capital planning, information systems, legal matters, and human resources management. Overall planning, policy development and initiation of University-wide programs are carried out through the System Office by several departments that report to the President and his Vice Presidents and that are located in both Boston and Shrewsbury.
- Varonis, Booth: Pavilion: 315
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- Venafi, Booth: Pavilion: 422
Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.
For more information, visit: www.venafi.com.
- Verodin, Booth: Pavilion: 314
Verodin is mission-driven to help organizations remove assumptions and prove cybersecurity effectiveness with evidence-based data. Verodin’s Security Instrumentation Platform (SIP) enables customers to continuously validate that their cybersecurity controls are fully protecting their business-critical assets.
- vSOC, Booth: Pavilion: 321
vSOC provides a next generation Managed Security Service Platform (MSSP) via an innovative AI platform supported by the industry’s best sec ops engineers and analysts. Cloud based, always on 24/7 security services watch your enterprise networks, apps and brand with proactive threat hunting, detection and response. vSOC’s proprietary maturity model continuously indexes and ranks your overall cybersecurity posture based on the NIST framework via our unique analytics engine.
- Wallarm, Booth: 722
Wallarm is an AI-powered application security platform designed for modern web applications and APIs. It organically combines vulnerability detection with a next-generation web application firewall (WAF).
- WatchGuard, Booth: 700
WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.
- WEI, Booth: 504
Why WEI? We go further.
At WEI, we’re passionate about solving your technology problems and helping you drive your desired business outcomes. We believe in challenging the status quo and thinking differently. There are a lot of companies that can take today’s technology and create a great IT solution for you. But we do more. We go further. And we have the customer, vendor and industry awards to prove it. WEI is a premier technology partner, who always puts our customers first while providing the most innovative solutions for over 29 years.
- Zensar, Booth: 102
Zensar is a leading digital solutions and technology services company that specializes in partnering with global organizations across industries on their Digital Transformation journey. Zensar empowers customers to develop strategies to adhere to comprehensive security frameworks while implementing security solutions to meet industry practices and compliance requirements.
- Steve Brown, The Bald Futurist, Former Chief Evangelist and Futurist, Intel
Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.
Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.
Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Joseph Fontecchio, Director of Infrastructure and Database Services, The University of Massachusetts
Joe is currently the director of infrastructure and database services for The University of Massachusetts Information Technology Services department, leading a team of security professionals who support infrastructure and applications used to host shared services. He holds a master’s degree in Information Technology from Worcester Polytechnic Institute.
- Tasneem Nipplewala, VP, Information Security; MSIA, CISSP, CCSP, Eastern Bank
Tasneem is a Senior Security Architect at Eastern Bank, the largest and oldest mutual bank in the country with $11B in assets. As part of her responsibilities, she provides internal clients security services when implementing new initiatives across the bank and insurance company to ensure the solutions are built with the highest security standards. Her area of expertise includes vulnerability management, threat intelligence, emerging technology assessments, incident response, and cloud security assessments.
Tasneem has 10+ years of experience in IT and security, and has worked in various industries including software development, insurance, life sciences, and financial services. She received her Masters in Information Assurance from Northeastern University, and has a Bachelor’s degree in IT Engineering. Tasneem is also a part-time faculty for the cybersecurity graduate program at Northeastern University. She also serves as President for the New England ISSA chapter.
- Candy Alexander, President, ISSA International; CISO, NeuEon
Ms. Alexander has over 30 years of experience in the cybersecurity profession. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a CISO and Cyber Risk Practice lead for NeuEon, Inc., assisting companies large and small to improve their cyber risk and security programs through effective business alignment.
Ms. Alexander is a leader within the cyber profession, where her contributions include being twice-elected as Information Systems Security Association's (ISSA) International President, chief architect for the Cyber Security Career Lifecycle, and a long-standing Director on the International Board. She is also the inaugural President and past Board Member of the ISSA Education and Research Foundation. She has been instrumental in establishing the annual ISSA/ESG research project to better understand challenges faced by cybersecurity professionals worldwide.
- Moderator: Mark Aiello, Board Member, (ISC)2 Eastern Massachusetts; President, CyberSN
Having more than 30 years of IT and cybersecurity consulting/staffing experience, Mark joined Signature Consultants, one of the largest IT Staffing Firms in the U.S., to lead, build and cultivate the cybersecurity talent and workforce throughout the organization’s 26 locations, serving 100s of clients throughout North America. Former President of Cyber 360, a leader in cybersecurity staffing, he harnesses his expertise in the cybersecurity/information security labor market to deploy and support a vast network of cybersecurity professionals. His passion and purpose are keeping companies safe by providing cybersecurity consultants and employees.
- Scott Margolis, CISO, Massachusetts Bay Transportation Authority (MBTA)
Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
- Ondrej Krehel, CEO and Founder, LIFARS
Ondrej Krehel, CEO & Founder of LIFARS, is recognized world-wide for his Digital Forensic expertise. He actively participates in many high-profile engagements around the world whereby his proprietary methodology is leveraged to achieve the most rapid root-cause analysis and remediation.
He’s the former Chief Information Security Officer of IDT911, the nation’s premier identity theft recovery and data breach management service. He previously led forensic investigations and cybersecurity consulting at StrozFriedberg encompassing US government engagements and missions, including military cyber special operations. With two decades of experience in computer security and forensics, Krehel has conducted a wide range of red team exercises, cyber resilience matters, investigations, including data breached through computer intrusions, theft of intellectual property, massive deletions, defragmentation, file carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking.
He holds an M.S. degree in Mathematical Physics from Comenius University in Bratislava and an Engineering Diploma from Technical University in Zvolen, Slovakia. Krehel is a frequent speaker at industry events and author on matters related to information security and computer forensics.
Among other industry groups, he is a member of the High Technology Crime Investigation Association (HTCIA), the Information Systems Security Certification Consortium (ISC) and the International Council of Electronic Commerce (EC Council). He also is a Certified Information Systems Security Professional (CISSP), EnCase Certified Examiner (EnCE), and a Certified Ethical Hacker (CEH). He is one of few to hold a Certified Ethical Hacker Instructor (CEI) accreditation, and to be authorized to lecture Ethical Hacking courses to both the government and private sector. His work has received attention from CNN, ABC, BBC, Reuters, The Wall Street Journal and The New York Times, among many others.
- Mike Fabrico, Sr. Technical Sales Director, TrapX Security
Mike Fabrico is a security expert who has worked for NASDAQ and has over 20 years of industry experience in implementing, architecting, and maintaining critical infrastructure networks. He is also an advisory board member on a number of successful cybersecurity companies worldwide for APT/malware, network intrusion, threat intelligence, digital forensics, database security, web application firewalls, DDoS, SecDevOps, and Deception.
- Heather Bearfield, IT Risk and Assurance Services Leader, Marcum Technology
Heather B. Bearfield is a principal in the firm’s Boston office and serves as the IT Risk and Assurance Services leader. She is also a member of the national Real Estate, Alternative Investment, Healthcare, and Financial Services Industry groups. In addition, Ms. Bearfield chairs the Marcum Diversity & Inclusion Committee. She has extensive experience with SOC engagements, internal and external audits, application reviews, internal and external vulnerability assessments, wireless assessments and penetration testing. Her main focus has been around data security and cybersecurity. Engagements include vulnerability assessments, penetration testing, wireless assessments and social engineering.
Ms. Bearfield has comprehensive experience in multiple aspects of risk management across business operations including regulatory compliance. She executes compliance engagements according to various regulations including SOX, MA 201 CMR 17.00 (Data Security), HIPAA Privacy, HIPAA Security, Meaningful Use, Dodd Frank, SOC1, 2, 3 and FISMA. She identifies process and control weaknesses, analyzes complex systems, and works with clients to streamline operations within time and resource constraints. She is also responsible for conducting global and national IT risk assessments and IT control assessments in numerous vertical markets inclusive of manufacturing, banks, financial services, colocation hosting facilities, cloud providers, and application service providers.
- Joseph Rogalski, Sr. Director, Solution Engineering, eSentire Inc.
Joe Rogalski is an accomplished Technology and Security Professional with over 20 years of experience developing world-class programs and delivering technology-based solutions. He has served in a variety of technical and management positions during his career, including Security Strategist at Symantec and Information Security Officer at First Niagara Bank.
As the Director of Solutions Engineering at eSentire, Joe consults with clients to understand business needs while assessing their security requirements, helping to reduce risks and meet regulatory compliance. Joe is also a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and is Certified in Risk and Information Systems Control (CRISC).
- Bruce Schneier, Security and Cryptography Expert and Author
Bruce Schneier is an internationally-renowned security technologist, called a security guru by the Economist. He is the author of 14 books—including the best-seller "Click Here to Kill Everybody"—as well as hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and blog Schneier on Security are read by over 250,000 people. Schneier is a Fellow at the Berkman Klein Center for Internet and Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security.
- Sandy Bacik, Director, Audit and Compliance, CipherTechs, Inc.
Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, is CipherTechs’ Director of Audit & Compliance. She has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management and is a former CISO, with an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.
- Robert Troup, Executive Sales Manager, baramundi Software USA Inc.
Bob Troup is Executive Sales Manager for baramundi Software USA Inc., headquartered in Framingham, MA. Bob is a 30-year industry veteran in corporate networking and endpoint management sales and consulting with companies including Ivanti, VMware, Auria Corp., and Xyplex. He specializes in solutions and deployment consulting for complex networks and cloud-based software environments.
- Ron Winward, Security Evangelist, North America, Radware
As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.
- Adib Sarakby, Sr. Sales Engineer, Mimecast
Adib Sarakby joined Mimecast as a Service Delivery and, after a year, was promoted to a Sales Engineer role. He works closely with the Sales, Marketing, and Educational teams to continually enhance Mimecast's products and promote Cyber Resilience. Email Security is Adib's passion, and as the threat landscape evolves, he splits his time between understanding the anatomy of attacks and explaining to his friends and family how to stay safe in today’s #1 form of communication, email!
- Bruce Forman, CISO, UMass Memorial Health Care
Bruce has several degrees including an MBA in Biotechnology and Health Industry Management. Prior to his current position at UMass, he held other IT Management positions, focusing on Information Security, Risk Advisory, and Security Strategy and Policy, as well as offering consultative services. Bruce is a past president of the Information Systems Security Association (ISSA) Delaware Chapter.
- Bryan Scovill, Manager, Telecom & Network Ops, University of New Hampshire
Lead of the network security team at the University of New Hampshire for 18 years. Areas of focus include development and architecture in the UNH networking environment.
- Rori Boyce-Werner, Information Security Compliance Program Manager, University of New Hampshire
Rori Boyce-Werner is currently the Information Security Compliance Program Manager for the University of New Hampshire, where she was previously the Associate Director of IT Client Services and Identity and Access Management Service Owner. She holds a Bachelor’s of Science in Business Administration and is working towards her Masters of Cybersecurity Policy and Risk Management. She spent the majority of her career in financial services specializing in bridging the gap between the business and IT through business analysis, business process design/redesign, and project/program management.
- David Dumas, Sr. Principal, Security Risk Management, Verizon
David Dumas, CISSP, CISM, ISSA Distinguished Fellow, is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.
- Jordan Fischer, Instructor, Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Brian Tobia, Consulting Systems Engineer, Cisco
Brian has been an IT practitioner, consultant, and pre-sales engineer for 15 years, focusing on network and virtualization security. He currently is a consulting systems engineer covering cloud security solutions at Cisco. He holds a CISSP along with other industry certifications.
- Edward Davis, President & CEO, Edward Davis, LLC
Davis has been in law enforcement for 35 years. He served as the Police Commissioner of the City of Boston from December 2006 until October 2013. He administered 6 world championship celebrations and led the highly successful response to the Boston Marathon bombing. Prior to that, Davis was the Superintendent of the Lowell Police Department, a position he held for 12 years and one he rose to after starting out as a patrol officer in 1978. He comes from a police family, which has allowed him to better understand the needs of police officers and the communities they serve. He is a recognized expert in crisis management and community policing. He brings with him a strong record of interagency collaboration and a broad range of local, state, national and international experience in law enforcement and public safety.
- Michael Brown, Rear Admiral, U.S. Navy (Ret.), President, Spinnaker Security LLC; ACSC Board Clerk
Michael Brown, Rear Admiral, United States Navy (Retired) is the Founder and President, Spinnaker Security LLC, a cybersecurity consulting business focused on understanding, identifying and mitigating business risks associated with cybersecurity. Additionally, Brown brings executive leadership, including crisis management, from both public and private sector experiences. Just prior to this position, he was President, RSA Federal LLC and Vice President/General Manager Global Public Sector of RSA Security LLC. Responsibilities also included RSA Information Technology, Security and Enterprise Risk Management portfolios. RSA is part of Dell Technologies and formerly of EMC.
- Ernesto DiGiambattista, CEO & Founder, CYBRIC
Ernesto DiGiambattista founded CYBRIC to enable organizations to more easily, confidently and holistically answer the question “How secure are we?” Prior to founding CYBRIC and developing the CYBRIC Continuous Application Security Platform, Ernesto was the Chief Technology & Security Officer for Sentinel Benefits & Financial Group, responsible for transforming a legacy technology organization into a technology innovation service group. As a senior member of Bank of America's Information Security & Resiliency Group and Corporate Audit organization, Ernesto was responsible for assessing and managing the information security risk of global technology vendors. Further, Ernesto has been a trusted advisor on cybersecurity private and public policy to members of the U.S. Senate and House of Representatives. He is a member of the Massachusetts Cybersecurity Strategy Council and currently serves on the board of the Massachusetts Technology Collaborative.
- Steve Brown, The Bald Futurist, Former Chief Evangelist and Futurist, Intel
Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.
Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.
Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Joseph Fontecchio, Director of Infrastructure and Database Services, The University of Massachusetts
Joe is currently the director of infrastructure and database services for The University of Massachusetts Information Technology Services department, leading a team of security professionals who support infrastructure and applications used to host shared services. He holds a master’s degree in Information Technology from Worcester Polytechnic Institute.
- Happy Hour
- Kevin McPeak, Principal Cyber Architect, U.S. Federal Government, Symantec
Kevin McPeak is Symantec’s Principal Cyber Architect for the U.S. Federal Government. In this capacity, he serves as the technical SME for eight distinct enterprise defensive technologies. In addition to his CISSP and ITILv3 certifications, Kevin also holds two Master of Science degrees from Johns Hopkins University and Virginia Tech. In addition to Symantec, Kevin is currently serving as an Army Reserve Chief Warrant Officer 3, with over 25 years of continuous service. In the course of his service, he is a veteran of both Operation Enduring Freedom (2003) and Operation Iraqi Freedom (2010 - 2011). Prior to working for Symantec, Kevin worked for several systems integrators, including CACI, Lockheed Martin, and AlphaInsight.
- Sean Baggett, VP & CISO, Blue Cross Blue Shield of Massachusetts
Sean Baggett is the Vice President and Chief Information Security Officer at Blue Cross Blue Shield of Massachusetts. Sean has been an IT and Security leader in the healthcare industry for over 20 years. He has a BS from the Massachusetts Maritime Academy and is a former U.S. Navy Surface Warfare Officer. He currently holds CISSP and CISM certifications.
- Jimmy Mills, Senior Solutions Architect, SSH.COM
Jimmy Mills is a Senior Solutions Architect for SSH.COM and has worked with several large enterprises assisting and overseeing SSH Key Management remediation projects. He has 20+ years of experience coming from Unix Engineering and Access Management roles before joining the thought leadership team at SSH.
- Roy Wattanasin, Research Security Officer, Massachusetts Institute of Technology
Roy Wattanasin is an information security professional. He is an avid speaker providing thought leadership at many conferences and webinars. Roy enjoys incident response and building security programs. He is involved with many computer security groups including the Boston Application Security Conference (BASC), OWASP Boston and other local associations. Roy is a member of multiple advisory groups, including SecureWorld Boston. He was previously an adjunct instructor at Brandeis University as part of the Health and Medical Informatics program. He is the co-founder of the decade-old program.
- Mark Stanford, SE Manager, Cloud Security, Cisco
Mark Stanford is a 22-year vet of the security industry, running the gamut of positions: from crypto engineer to solutions architect to manager/director of SEs. He’s had the opportunity to work with incredible teams and great technology with several companies, including F-Secure, Blue Coat, F5, FireEye, and currently Cisco Cloud Security. Exposure to these teams/tech has allowed him to experience a multitude of strategic initiatives and take part in security design/implementation in almost every sized company/vertical. Hobbies include malware analysis, threat analytics, threat hunting, security architecture, cycling, golf and family.
- Jockel Carter, Sr. Cybersecurity Advisor, Sage Data Security
- Sandy Silk, Director, Information Security Education & Consulting, Harvard University
Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Sandy is also involved in several WIT organizations and programs. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.
- Joan Antokol, Partner, Park Legal LLC
Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.
- Bob Rudis, Sr. Director, Chief Security Data Scientist, Rapid7
Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avuncular, author (Data-Driven Security), speaker, and regular contributor to the open source community.
- Jonathan Villa, Practice Director, Cloud Security, GuidePoint Security
Jonathan Villa has 19 years of experience as a technology consultant including 18 years of direct information security experience. For over 10 years Jonathan consulted to a large municipality across several competencies including PCI compliance and training, application architecture and security, vulnerability management, secure coding, web application firewalls, and co-architected a CI environment for 150 applications. Jonathan has worked with cloud technologies since 2007 with a focus on cloud security since 2010. Jonathan has worked with clients in the USA, South America, and Asia to design and implement secure cloud environments, integrate security into CI/CD, and develop cloud-native solutions.
- Esmond Kane, CISO, Steward Health Care
Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.
- Joel Weinstein, President, Greater Boston Chapter, Association of Continuity Professionals (ACP)
Joel Weinstein, a native of Washington DC, moved to Boston in 1977, formed his first company in 1986, and currently is in his second term as president of the Greater Boston Chapter of ACP. He has taught at Boston University, Northeastern University, Benjamin Franklin Institute, and ITT Technical Institute for more than 40 years. Joel is interested in emergency and contingency management for independent schools, and holds a master’s degree in Information Systems.
- Daniel Smith, Head of Research, Threat Intelligence Division, Radware
Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.
- Velu Jeganathan, VP, Security Engineering Solutions Team, State Street Corporation
Velu Jeganathan has more than 20 years of IT experience, most of which is around Information Security. He has been extensively involved in various roles in penetration testing, vulnerability management, security project consulting, and developing security processes, with an emphasis on integrating security into the project lifecycle.
- Rori Boyce-Werner, Information Security Compliance Program Manager, University of New Hampshire
Rori Boyce-Werner is currently the Information Security Compliance Program Manager for the University of New Hampshire, where she was previously the Associate Director of IT Client Services and Identity and Access Management Service Owner. She holds a Bachelor of Science in Business Administration and is working towards her Master of Cybersecurity Policy and Risk Management. She spent the majority of her career in financial services, specializing in bridging the gap between the business and IT through business analysis, business process design/redesign, and project/program management.
- Matt Connors, Identity and Access Management Program Manager, University of New Hampshire
Matt Connors is the Identity and Access Management Program Manager for the University of New Hampshire. His role sits at the cross section of enterprise infrastructure, client experience, and security, and includes leading IAM strategy and practice for a Tier 1 Research University. Matt enjoys collaborating and sharing knowledge with technology professionals, speaking at VMWorld 2016 through 2018, Identiverse 2018, Boston IAM User Group, and now SecureWorld Boston. Matt holds a Master of Science in Project Management and Project Management Professional Certification.
- Sue Bergamo, CIO & CISO, BTE Partners
A global CIO & CISO, Sue brings broad technology and operational experience to help companies secure and grow through innovation, and optimization in cloud, on-prem environments and acquisition. She’s held strategic positions at Microsoft, ActiveCampaign, Precisely, Episerver, Aramark, and CVS Pharmacy. Sue is the author of "So, You Want to be a CISO?" and is a sought-after speaker, investor, executive advisor and a multiple industry award winner in cybersecurity.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes