- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, July 15, 20208:00 amAdvisory Council RoundtableDiscussion topic to be announcedRegistration Level:
8:00 am - 8:45 am
- VIP / Exclusive
This session is for SecureWorld Advisory Council members by invite only.8:30 amExhibitor Hall openRegistration Level:
8:30 am - 9:00 amLocation / Room: Exhibitor Floor
- Open Sessions
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.9:00 am[Opening Keynote] Exposing The Dark Overlord: An Inside Look at the Journey that Led to the Identification of Cyber TerroristsRegistration Level:
9:00 am - 9:45 am
- Open Sessions
The Dark Overlord is considered to be one of the world’s most well-known hacking groups because of its unwillingness to discriminate in the selection of its victims. The group has made millions attacking and extorting hundreds of organizations, ranging from small medical facilities to mega fortune companies like Netflix and Disney. The group’s continued escalation of cyber terrorism and violence eventually led to the closure of over 30 school districts in the U.S. for an entire week, and the publishing of a stolen insurance video of a man’s death in a construction site accident. Based on my book, “Hunting Cyber Criminals,” this talk will present the investigative tools and techniques that led to the identification of the group’s core members.9:45 amNetworking BreakRegistration Level:
9:45 am - 10:00 amLocation / Room: Exhibitor Floor
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.10:00 am[OneTrust] Vendor Risk Management: Overcoming Today’s Most Common ChallengesRegistration Level:
10:00 am - 10:30 am
- Open Sessions
Managing vendor risk before, during and after procurement is a continuous challenge that organizations of all sizes face. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time consuming. To streamline this process, organizations must put procedures in place to ensure that sufficient vendor security safeguards are in place. In this session, we’ll breakdown a practical approach for automating vendor risk management, as well as offer real-world practical advice to help you on your journey to developing a mature third-party risk management program.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions)10:00 am[Panel Discussion] What Our Security Team Learned During COVID-19VP & CISO, BJ's Wholesale ClubCISO, Steward Health CareDirector of Compliance and Privacy, Boston MedicalEnterprise Information Security Program Administration and Governance, Partners HealthcareRegistration Level:
10:00 am - 10:30 amLocation / Room: 103
- Open Sessions
This panel features honest dialogue about securing an organization through the pandemic, so far. What changed at an organizational level that required security to pivot? What kind of immediate impacts did the security team face and how were those overcome? How did security maintain adequate communication and controls in the midst of this rapid change? What are the greatest lessons for security coming out of COVID-19? Where do we go from here?10:00 amCourting the Cloud: It's Time for a CommitmentRegistration Level:
10:00 am - 10:30 am
- Open Sessions
What is your commitment to the Cloud? Find out where you are and where you’re headed, as Mike Lopez walks you through the five stages of your relationship with the Cloud and helps you start/solidify the process towards commitment.
Director of Cloud Services at AccessIT Group, Mike Lopez has a history of designing cloud architecture with a security focused approach for government and fortune 500 clients. He has worked with private and public cloud environments including AWS, Azure, Oracle and Google Cloud. Because of his mixed background, he bridges the traditional gap between security and development teams, helping them work together in the cloud journey.
Where are you in your relationship with Cloud? AccessIT can give you a complimentary assessment of your current state against Best Practices, CIS benchmarks, or even compliance (HIPPA, PCI, etc.) with the use of our automated tools and provide you a report on how your environment measures up. To request your free security assessment, email: email@example.com and mention SecureWorld in your email!10:00 amNew Remote Workforce: Privacy and Security Risks and MitigationsRegistration Level:
10:00 am - 10:30 am
- Open Sessions
The sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.10:30 amNetworking BreakRegistration Level:
10:30 am - 10:45 am
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.10:45 amChanging Cyber Landscapes: The Battle of AlgorithmsRegistration Level:
10:45 am - 11:15 am
- Open Sessions
Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyberattacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyberattacks leveraged at scale. To protect against offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
In this session, learn about:
• Paradigm shifts in the cyber landscape
• Advancements in offensive AI attack techniques
• The Immune System Approach to cyber security and defensive
• Autonomous Response capabilities
• Real-world examples of emerging threats that were stopped with Cyber AI
GENERAL (InfoSec best practices, trends, solutions, etc.)10:45 amLeveraging Culture to Optimize Information SecurityRegistration Level:
10:45 am - 11:15 am
- Open Sessions
To build a culture that optimizes security, an organization needs to set information security leadership appropriately. Strategically, it needs to understand the organization’s risk tolerance, codify it as policy, and communicate it. Based on risk tolerance, it needs to create a roadmap that moves the organization from ad hoc and compliance-based cultures to one that’s risk-based. Tactically, security management needs to regularly drive buy-in for risk tolerance and policy. In addition, management needs to foster a culture that learns from incidents and failures rather than a culture that focuses on assigning blame.10:45 am[Panel] No Perimeter: Security in the CloudDistinguished Solutions Engineer - North America, Alert LogicPrincipal Security Strategist, MimecastCTO, RedSeal NetworksSecurity Evangelist, Arctic WolfMajor Accounts Systems Engineer, Palo Alto NetworksRegistration Level:
10:45 am - 11:15 am
- Open Sessions
Worldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.11:15 amNetworking BreakRegistration Level:
11:15 am - 11:30 am
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.11:30 am[Mid-Day Keynote] Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with UmbrellaRegistration Level:
11:30 am - 12:15 pm
- Open Sessions
Cyber criminals are exploiting the internet to build agile and resilient infrastructures. The internet is open and information to expose these infrastructures is out there; the challenge is making sense of the fragmented data. Connecting the dots by analyzing data (DNS queries, BGP anomalies, ASN reputation, network prefixes/IP fluctuations), allows us to map out where malicious infrastructure is and attacks are staged. This gives the defender the upper hand by letting them pivot through the criminal infrastructure.
This session will explain how some of the Cisco Umbrella classifiers work and provide examples of threats that have been detected using this technology. First, we focus on the detection models that can be built and applied (such as co-occurrences, NLP Rank, Spike Detectors, Malvertising clustering), and how these can expose malicious infrastructures and APTs. The next part provides a practical use case on how this innovative approach can be used to pivot through attackers’ infrastructure and protect organizations from advanced threats. Examples include crypto phishing and crypto jacking. Finally, we will show some of this analysis visualized in 3D.12:15 pmNetworking BreakRegistration Level:
12:15 pm - 12:30 pm
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.12:30 pmHey, Information Security: Be Part of the Digital Transformation or Be Left Behind!Registration Level:
12:30 pm - 1:00 pm
- Open Sessions
“Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.
Join this session to learn how you can:
• Embed security into your culture, technologies and processes
• Empower innovation and expedite time-to-market through consistent security risk governance
• Assess the impacts, goals and methods of likely cyber attacks and incidents
• Align IT and security professionals with business objectives and risk tolerance
• Prepare now for effective detection and response to reduce business impacts of incidents
Presentation level: MANAGERIAL (security and business leaders)12:30 pmLeveraging the Three Lines of Defense to Improve Your Security PositionRegistration Level:
12:30 pm - 1:00 pm
- Open Sessions
Depending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
Presentation Level: MANAGERIAL (security and business leaders)12:30 pm[Panel] Addressing Weakness: Vulnerability ManagementSales Engineer, ReliaQuestEnterprise Sales Engineer, Egress Software Technologies LtdRegistration Level:
12:30 pm - 1:00 pm
- Open Sessions
NIST defines vulnerabilities as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” This panel will discuss current vulnerabilities and risk management through proper controls and best practices.1:00 pmNetworking BreakRegistration Level:
1:00 pm - 1:15 pm
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.1:15 pmBlue-Teaming and Incident Response for the "Win"Registration Level:
1:15 pm - 1:45 pm
- Open Sessions
Does your company use Windows or is most of the environment Windows? Come to this session to specifically learn the ins and outs of what are the most critical things needed in order to establish a respectable blueteam program at your organization. Do you know what Windows security event log 4688 mean? What about others? What are the event logs that you should know by hand or have a cheat-sheet for? What are some tools that you should be using and how can you automate them to help detect lateral movement. Also, we will be leveraging opensource tools. No, additional $ is not required. Trying harder, building your technical skills and doing proactive threat hunting will help you and your team. “Don’t worry all of this information will be useful for all no matter what level.” Per time permitting, we might also quickly talk about incident response as well, initially. Also, bring your technical questions too during our Q&A session.
Presentation Level: TECHNICAL (deeper dive including TTPs)1:15 pmEthical Hacking and Cyber Ecosystems: Anticipating the PredatorsRegistration Level:
1:15 pm - 1:45 pm
- Open Sessions
In an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
Presentation Level: TECHNICAL (deeper dive including TTPs)1:15 pm[Panel] Threat Landscape in Flux: Emerging ThreatsPrincipal, IT Risk Assurance & Advisory, DGC (DiCicco, Gulman & Company)Head of Engineering, East US, Check Point Software TechnologiesVP, Global Enterprise Solutions, BlackBerrySr. Sales Engineer, MalwarebytesRegistration Level:
1:15 pm - 1:45 pm
- Open Sessions
The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.1:15 pm[Rapid7] Risk-Based Vulnerability Management: Changing the Narrative for Your OrganizationRegistration Level:
1:15 pm - 1:45 pm
- Open Sessions
Vulnerability Management is a core process to reducing risk for organizations, yet IT and Security teams often struggle to communicate metrics that are meaningful for business leaders. Risk is often not even part of the discussion. How can we change the narrative to support a culture of collaboration? How can we overcome the IT versus Security mindset and the battle for resources? How can we communicate overall risk reduction? We’ll discuss ways you can start rethinking vulnerability management and risk.1:45 pmNetworking BreakRegistration Level:
1:45 pm - 2:00 pmLocation / Room: Exhibitor Floor
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.2:00 pm[Closing Keynote] Identity and Access Management: A Case Study from Harvard Medical SchoolRegistration Level:
2:00 pm - 2:45 pm
- Open Sessions
Good identity management is one of the keys to good cyber hygiene within an organization, but it’s not without its fair share of challenges. Consider a large university with several schools within it, as well as a medical facility. You’ve got students, faculty, doctors, patients, and a host of random visitors all expecting access to your network.
In this keynote address from Joe Zurba, CISO at Harvard Medical School, we will hear first-hand insight about his team’s approach to developing a robust and cohesive identity strategy: how they give the right levels of access to the right people, and how they track all of the moving pieces. We will also evaluate best practices in managing key components of identities, including: verification, validation, lifecycle management, and password management. Join us for this unique opportunity to get an insider’s perspective on cybersecurity at one of the most prestigious institutions in the nation.
GENERAL (InfoSec best practices, trends, solutions, etc.)
- AccessIT GroupBooth: https://www.engagez.net/accessit-cylance
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Alert LogicBooth: https://www.engagez.net/alert-logic
Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.
- Arctic Wolf & Winslow Technology GroupBooth: https://www.engagez.net/arctic-wolf-wtg
Arctic Wolf® is the market leader in security operations. Using the cloud native Arctic Wolf® Platform, we provide security operations as a concierge service. For more information about Arctic Wolf, visit arcticwolf.com.
Winslow Technology Group, LLC (WTG) is a leading provider of IT Solutions and Consulting Services dedicated to providing “better IT solutions” for our customers since 2003. WTG enables our clients to innovate and transform their business by realizing the benefits of hyperconverged, software defined, and hybrid cloud infrastructure frameworks. WTG serves the IT needs of clients ranging from medium sized organizations to Fortune 100 companies that operate in a variety of industries including finance, healthcare, education, manufacturing, technology, legal, and more. Visit https://winslowtg.com.
- Armis, IncBooth: https://www.engagez.net/armis-inc
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- AxoniusBooth: https://www.engagez.net/axonius
Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with over 200 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately.
- BitglassBooth: https://www.engagez.net/bitglass
Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.
Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.
- BitSightBooth: https://www.engagez.net/bitsight
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter
- BlackBerryBooth: https://www.engagez.net/blackberry
BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including more than 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear—to secure a connected future you can trust.
BlackBerry. Intelligent Security. Everywhere.
For more information, visit BlackBerry.com and follow @BlackBerry.
- CiscoBooth: https://www.engagez.net/cisco
Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.
- Code42Booth: https://www.engagez.net/code42
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- CyberXBooth: https://www.engagez.net/cyberx
CyberX delivers the only cybersecurity platform built by blue-team experts with a track record of defending critical national infrastructure. That difference is the foundation for the most widely deployed platform for continuously reducing IoT risk and preventing costly outages, safety and environmental incidents, theft of intellectual property, and operational inefficiencies. For more information, visit CyberX.io
- CylanceBooth: https://www.engagez.net/accessit-cylance
Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.
- DarktraceBooth: https://www.engagez.net/darktrace-AI
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- DGCBooth: https://www.engagez.net/dgc
Every business faces a variety of challenges, including rapidly changing technology, cybersecurity threats, and regulations. DGC provides a wide range of IT audit, compliance, and cyber & information security services that can help identify, evaluate, measure, and manage compliance and cybersecurity risks. Our professionals are trained to identify areas of exposure and recommend size-appropriate, cost-conscious corrective actions. DGC’s team will put together a tailored plan to safeguard your organization.
- EC-CouncilBooth: N/A
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- Egress Software TechnologiesBooth: https://www.engagez.net/egress
Egress Software Technologies Ltd is a UK-based software company. It provides a range of data security services designed to protect shared information throughout its lifecycle, offering on-demand security for organisations and individuals sharing confidential information electronically.
- ForgeRockBooth: https://www.engagez.net/forgerock
ForgeRock® (NYSE: FORG) is a global leader in digital identity that delivers modern and comprehensive identity and access management solutions for consumers, employees, and things to simply and safely access the connected world. Using ForgeRock, more than 1,300 global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data—consumable in any cloud or hybrid environment. The company is headquartered in San Francisco, California, with offices around the world.
For more information and free downloads, visit www.forgerock.com or follow ForgeRock on social media.
- GigamonBooth: https://www.engagez.net/gigamon-bos
Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.
- HackerOneBooth: https://www.engagez.net/hackerone
HackerOne is the #1 hacker-powered security platform. More than 1,400 organizations, including the U.S. Department of Defense, General Motors, Google Play, Twitter, GitHub, Nintendo, Panasonic Avionics, Qualcomm, Starbucks, and Dropbox, trust HackerOne to find critical software vulnerabilities.
- HUB TechBooth: https://www.engagez.net/hub-tech
HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.
Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.
- InfraGard BostonBooth: N/A
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
- Infused InnovationsBooth: https://www.engagez.net/infused-innovations
We are consultants that operate at the intersection of technology, business, data, and human interaction. We are passionate and committed to delivering the right solutions to our clients.
With staff with all manner of experiences – private business, startups, non-profit, healthcare, legal, education, data analytics, financial services, and more, we can speak your language. Our unique experiences don’t just allow us to tell you what your peers are doing, but how other industries have solved similar problems.
When you partner with Infused Innovations you get to work with people who want to be a part of the solution with you, and are genuinely excited about the opportunity to bring something new to the table.
- IOvationsBooth: https://www.engagez.net/iovations
IOvations, founded in 2006, is a value added reseller focused on protecting the data, infrastructure and applications of our customers through a combination of services and products that extend to the end point, traditional network and cloud environment. Some of the things that make us unique include multiple industry awards, a long history of working with clients who appreciate how easy we are to work with, and our strong engineering expertise providing value and thought leadership.
- (ISC)2 Eastern MassachusettsBooth: N/A
Advancing Information Security One Community at a Time
As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. (ISC)² Eastern Massachusetts Chapter provide members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!
- ISSA New EnglandBooth: N/A
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.
Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.
Visit the National Headquarter’s website at www.issa.org.
- KasperskyBooth: https://www.engagez.net/kaspersky
We’re an independent global cybersecurity company that empowers people to make the most of technology and the endless opportunities it brings. Backed by our deep threat intelligence, security and training expertise, we give businesses the power to stay safe—and the confidence to accelerate their own success. With insights gained from our unique international reach, we secure consumers, governments and more than 270,000 organizations. We’re proud to be the world’s most tested and awarded cybersecurity, and we look forward to keeping your business safe. Bring on the future.
- LogRhythmBooth: https://www.engagez.net/logrhythm
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
- MalwarebytesBooth: https://www.engagez.net/malwarebytes
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- MimecastBooth: https://www.engagez.net/mimecast
Mimecast (NASDAQ: MIME) was born in 2003 with a focus on delivering relentless protection. Each day, we take on cyber disruption for our tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges together. We are the company that built an intentional and scalable design ideology that solves the number one cyberattack vector—email. We continuously invest to thoughtfully integrate brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast is here to help protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world.
- <Booth: https://www.engagez.net/ncipher
- NinjaRMMBooth: https://www.engagez.net/ninjarmm
NinjaRMM is an all-in-one endpoint management platform that helps IT leaders more efficiently manage a geographically diffuse IT infrastructure by enabling their teams to remotely monitor and manage workstations, laptops, servers, and networks. NinjaRMM increases business efficiency by combining monitoring, alerting, patching, antivirus, backup, and IT automation all within a single pane of glass. NinjaRMM has been named a Leader by G2Crowd and rated the #1 RMM across 8 categories, including ease of use, product direction, quality of support and overall satisfaction.
- OktaBooth: https://www.engagez.net/okta-boston
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
- OneTrustBooth: https://www.engagez.net/onetrust
OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.
- OptivBooth: https://www.engagez.net/optiv-tripwire
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- Palo Alto NetworksBooth: https://www.engagez.net/palo-alto-networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
- ProofpointBooth: https://www.engagez.net/proofpoint-boston
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Radiant LogicBooth: https://www.engagez.net/radiant-logic-idmworks
Radiant Logic’s federated identity and directory platform, RadiantOne FID, is designed specifically for deployment in high-volume, high-complexity identity environments. RadiantOne FID includes an abstraction layer, extracting and virtualizing identity and context information out of various application and data silos, including AD domains and forests, LDAP directories, SQL databases, and more. RadiantOne FID also includes a scalable directory, HDAP, which is fully LDAP v3 compatible. RadiantOne FID re-maps the underlying data sources and presents the identity data in views customized for the needs of enterprise applications to enable authentication and fine-grained authorization for identity management and context-driven applications.
Radiant Logic’s global customer base includes many Fortune 1000 companies in the fields of banking, finance, insurance, government, communications, manufacturing, education, entertainment and healthcare. Headquartered in Novato, CA, Radiant Logic has satellite offices in Chicago and Washington, DC, and distribution channels throughout the world.
- Rapid7Booth: https://www.engagez.net/rapid7
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- RedSealBooth: https://www.engagez.net/redseal
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- ReliaQuestBooth: https://www.engagez.net/reliaquest
ReliaQuest fortifies the world’s most trusted brands against cyber threats with its platform for proactive security model management. Acting as a force multiplier on an organization’s existing cybersecurity investments, only ReliaQuest’s GreyMatter integrates disparate technologies to provide a unified, actionable view that fills the gaps in enterprise security programs.
- RSA a Dell Technologies CompanyBooth: https://www.engagez.net/rsa
RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.
- SiemplifyBooth: https://www.engagez.net/siemplify
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- SonicWallBooth: https://www.engagez.net/sonicwall
SonicWall has been fighting the cybercriminal industry for over 28 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award-winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security.
- SwimlaneBooth: https://www.engagez.net/swimlane
Swimlane is at the forefront of the security orchestration, automation and response (SOAR) solution market and was founded to deliver scalable security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages.
- TechTargetBooth: N/A
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Trend MicroBooth: https://www.engagez.net/trend-micro
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- TripwireBooth: https://www.engagez.net/optiv-tripwire
Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s award-winning portfolio delivers top critical security controls, including asset discovery, secure configuration management, vulnerability management and log management. As the pioneers of file integrity monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations discover, minimize and monitor their attack surfaces.
Learn more at https://www.tripwire.com.
- Women in CyberSecurity (WiCyS)Booth: N/A
Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.
- Vinny TroiaSecurity Researcher and Pentester, Author "Hunting Cyber Criminals"
Founder and Principal Security Consultant of Night Lion Security, Vinny Troia brings 20+ years of IT security and development experience. He is also a featured speaker on ABC, CNBC, and Fox News.
"One afternoon, I drafted an email to the CEO and CISO of a major airline company. The title read – URGENT – Data breach in your network. During our phone conversation later that evening, I proceeded to tell the security admin that I received word from a dark web contact that sensitive data from their network was about to go on sale later that week. Working in tandem with my dark web contacts and the company’s security team, we were able to identify the hacker’s position within their network, turned off their access, and closed the vulnerabilities that allowed them to gain access. This is the kind of thing I do day in and day out, and I love my job." - Vinny Troia
- Achint SehgalGlobal Head of Solutions Engineering, OneTrust
Achint Sehgal, CIPP/E, CIPM, serves as a Global Head of Solutions Engineering for OneTrust Vendorpedia—a purpose-built software designed to operationalize third-party risk management. In his role, Sehgal advises companies throughout their third-party risk management implementations to help meet requirements relating to relevant standards, frameworks, and laws (e.g. ISO, NIST, SIG, GDPR, and CCPA). Sehgal works with clients to centralize their third-party information across business units, assess risks and performance, and monitor threats throughout the entire third-party relationship, from onboarding to offboarding.
- Ravi ThatavarthyVP & CISO, BJ's Wholesale Club
Ravi Thatavarthy brings 20+ years of experience in Information Security to his role with a strong background in Security Architecture and building Security programs from ground up. His approach to Information Security is unique and well-balanced with a focus on ‘Business Value’ and ‘User Delight’. He recently appeared in ‘Profiles in Confidence’ as a Security leader running confident Security program. He spoke and served as a panelist in multiple conferences. Before joining BJ's, he was the Head of Information Security at iRobot, and previously led the Security, Policy & Compliance programs at Haemonetics where he worked as Director of Global Security & Policy.
- Esmond KaneCISO, Steward Health Care
Esmond Kane has over 20 years’ experience leading IT and Security programs in multiple industries. Esmond currently serves as Chief Information Security Officer (CISO) at Steward Health Care, a multinational healthcare delivery organization that provides world class care to millions of patients across the globe. In his role at Steward, Esmond’s focus has been on transforming Steward's approach to information security, threat and risk management to comply with industry frameworks, regulations and best practices.
- Erika BarberDirector of Compliance and Privacy, Boston Medical
- Gillian LockwoodEnterprise Information Security Program Administration and Governance, Partners Healthcare
- Michael LopezDirector of Cloud Services, AccessIT Group
Mike Lopez, Director of Cloud Services at AccessIT Group, has a history of designing cloud architecture with a security focused approach for government and fortune 500 clients. He has worked with private and public cloud environments including AWS, Azure, Oracle, and Google Cloud. Mike leads AccessIT Group’s Cloud practice by helping its customers create strategies for their cloud adoption through a vendor agnostic holistic approach to cloud security. Because of his mixed background, he bridges the traditional gap between security and development teams, helping them work together in the cloud journey. Prior to his role at AccessIT Group, Mike was the Lead Consultant of Professional Services at Check Point Software Technologies and served as the subject matter expert for their cloud security products. As a cloud specialist, Mike is AWS and Azure certified and maintains Check Point CCSE and CCVSE certifications.
- Rebecca RakoskiCo-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski, Esq., is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. She manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. As an experienced litigator, she has handled hundreds of matters in state and federal courts. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She works with clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section, and also served on the Complex Business Litigation Committee that drafted and revised the Court Rules involving electronic discovery in complex litigation matters. She has been appointed in several litigation matters by the New Jersey Superior Court as a Discovery Special Master.
Rebecca is on the Board of Governors for Temple University Health Systems, and is an adjunct professor at Drexel University’s Thomas R. Kline School of Law and Rowan University.
- Sabrina StanichCybersecurity Manager, Darktrace
Sabrina Stanich is a Cyber Security Manager at Darktrace, the world’s leading machine learning company for cyber defense. She has worked extensively with clients across numerous industry verticals, from financial services to manufacturing, helping them deploy Darktrace’s Enterprise Immune System, the only AI technology capable of detecting and autonomously responding to early-stage cyber-threats. Stanich graduated with a bachelor’s degree from the University of Pennsylvania and is based out of Darktrace’s New York City office.
- Don McKeownInformation Security Manager, Wolters Kluwer Health
Don McKeown is currently an information security manager for a provider of healthcare solutions that facilitate effective clinical decisions. There he developed and teaches a threat modeling course, teaches code scanning, contributes to corporate application security advisory committees, and consults for technical and product teams. Previously he helped mature security programs at LogMeIn and athenahealth. Before focusing exclusively on information security, he contributed to several infrastructure teams over many years. He earned an MBA with Distinction from Bentley University and holds the CISSP, CRISC, and GIAC Security Leadership (GSLC) certifications. For more information, go to https://www.donmckeown.net/
- Marc YbarraDistinguished Solutions Engineer - North America, Alert Logic
- Matthew GardinerPrincipal Security Strategist, Mimecast
Matthew Gardiner is a Director of Security at Mimecast and is currently focused on email & web security, phishing, awareness training, malware, and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.
- Mike LloydCTO, RedSeal Networks
Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.
Dr. Mike Lloyd holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.
- Marc KeatingSecurity Evangelist, Arctic Wolf
- Richard SchunkMajor Accounts Systems Engineer, Palo Alto Networks
- Adam WinnProduct Manager, Cisco Umbrella, Cisco
Adam Winn is the platform product management lead for Cisco Umbrella. He got into cloud security product management in 2013 and never looked back. In 2016, he joined OpenDNS shortly before it was rebranded as Cisco Umbrella. He is a life-long California resident and a fan of live music (and can't wait for it to come back).
- Sandy SilkDirector, Information Security Education & Consulting, Harvard University
Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Sandy is also involved in several WIT organizations and programs. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.
- Brendan CampbellAVP, Global Technology Governance & Control, Manulife
Brendan Campbell is currently the leader for Manulife’s Global Technology Governance & Control function and has prior experience across audit, risk management, information security. He is a part of the Global Technology Executive team and is responsible for leading the execution of risk activities globally. In addition, he is responsible for the company’s Executive Crisis Management plan. Prior to joining Technology he head of the global IT Audit function at Manulife. Prior to joining Manulife in 2007, Brendan held roles in information security specific to managing infrastructure security compliance and identity and access management initiatives.
- Kevin RomeroSales Engineer, ReliaQuest
- James SheldrakeEnterprise Sales Engineer, Egress Software Technologies Ltd
- Roy WattanasinInformation Security Leader, Healthcare Industry
Roy Wattanasin is currently a healthcare information security professional. Additionally, Roy is an avid speaker who has spoken at many conferences and webinars. Roy also enjoys data forensics & incident response and building security in. He is heavily involved with many computer security groups including OWASP Boston, ISSA and the local communities. Roy is also a member of multiple advisory groups. He was an adjunct instructor at Brandeis University as part of the Health and Medical Informatics and is also the co-founder of that program. He is credited for bringing back the Security BSides Boston conference (setting the standards) and enjoys seeing it grow each year and being successful with its new team members.
- Lauren ProvostProfessor, Computer Science, Western Governors University
Dr. Lauren E. Provost is an ethical hacker, author and professor. She directs The Ethical Hackers Cybersecurity organization, a virtual community for educators and industry providing comprehensive planning and risk management updates, network and cloud security knowledge and information on other cybersecurity topics such as general penetration testing and compliance readiness. Her publications span these areas. Her current research and practice focuses on ethical hacking. She earned her doctorate in mathematics from the University of New Hampshire after an undergraduate degree in computer science at the University of Texas at Austin.
- Nick DeLenaPrincipal, IT Risk Assurance & Advisory, DGC (DiCicco, Gulman & Company)
- Mark OstrowskiHead of Engineering, East US, Check Point Software Technologies
Mark Ostrowski is the Head of Engineering for the East region of US at Check Point Software Technologies. Mark has over 20 years' experience in IT security and has helped design and support some of the largest security environments in the country. As an evangelist at Check Point Software, Mark provides thought leadership for the IT security industry outlining the current threat landscape and helping organizations understand how they can pro-actively mitigate and manage risk in our world of digital transformation. Over the past 17 years at Check Point, Mark has worked with the top customers in both size/scope and revenue transforming how they leverage security solutions to create secure infrastructure in two of the largest cities in the US, Boston MA and NYC, NY. Most recently Mark received the ‘Region of the Year 2019’ at CPX 360. Mark holds a degree from the college of engineering at UMass Dartmouth and CCMA at Check Point.
- Thomas PaceVP, Global Enterprise Solutions, BlackBerry
Thomas Pace has an extensive background in building incident response programs, policies, procedures and playbooks at multiple top-tier organizations. Thomas has 11 years of security experience in various fields including physical security, intelligence gathering and analysis, sensitive site exploitation, incident response, intrusion analysis, and endpoint and network forensics. Thomas also has extensive experience in conducting assessments against various NIST special publications such as 800-53 and 800-171. Thomas is also currently an Adjunct Professor at Tulane University where he has developed a portion of the Homeland Security Studies program curriculum centered on cybersecurity. Thomas also currently provides guidance and expertise to the New Orleans cloud security community as the Louisiana Cloud Security Alliance Co-Chair.
Thomas served as a Senior Cybersecurity Engineer at Fluor Federal Petroleum Operations, a Department of Energy contractor supporting the Strategic Petroleum Reserve worth billions of dollars. In this role, Thomas was the lead incident response official and was responsible for ensuring all incidents were appropriately identified, contained and remediated in a timely manner and reported to proper authorities if necessary. Additionally, Thomas was responsible for conducting intrusion analysis and threat hunting on a daily basis to ensure the organization was not breached. While conducting a multitude of analyses based on intrusions and incidents, Thomas built a multitude of playbooks and processes so junior technical personnel could also conduct analyses in an efficient manner.
Thomas served in the United States Marine Corps as an infantryman and intelligence specialist. During this time, Thomas deployed to both Iraq and Afghanistan as part of the Marine Corps.
Thomas holds an M.S. in Information Science with a concentration in Information Assurance. Thomas also possesses multiple certifications such as GIAC GCIH, GCFA, GCIA, GICSP and GCWN. Thomas also is a Sourcefire certified professional, CISSP, and possesses CNSS 4011, 4012, 4013, 4014 and 4015.
- Kevin KennedySr. Sales Engineer, Malwarebytes
- Brian CareyManager, Advisory Services, Rapid7
Brian Carey is a Rapid7 Manager of Advisory Consulting, specializing in: Security Program Assessments, Security Program Development, Risk Management, Vulnerability Management Program Development, Security Awareness and Policy Development. Before joining Rapid7 Brian was Information Security Director and interim Security Officer at LafargeHolcim NA, a multinational manufacturer, where he managed and supervised the North American ISO27002 compliant ITSEC program. Brian was with LafargeHolcim (previously Holcim NA) for 14 years and held many positions over that time period. Brian is a motivated, independent security professional comfortable speaking with both technical individuals as well as business leaders about a myriad of security-related topics Brian is a team player and leader with proven experience in security management.
- Joe ZurbaCISO, Harvard Medical School
In his role as the leader of Information Security at Harvard Medical School, Joe Zurba has been responsible for defining and building capabilities to meet the requirements of an extraordinarily diverse community of clinical and research faculty, students, and staff. Joe develops strategy, improves capabilities, and manages risk for all information security, Identity and Access Management, and IT compliance efforts across the school. Joe also serves on several committees in his role as the school’s information security leader. He is a non-scientific, voting member of the Harvard Medical School Institutional Review Board (IRB), which oversees human subjects research. He is also a co-chair of Harvard Catalyst subcommittee on Emerging Technologies, Ethics, and Research Data. His expertise is often sought in the creation of University policy, programs, and other initiatives that seek to benefit from his experiences working with biomedical and basic science research. Joe has worked for over 20 years in Information Security roles within Higher education, Health Care, High Tech Manufacturing, and Technology. Prior to his current role, he served as Research Information Security Officer in the Partners Healthcare Information Security and Privacy Office and 11 years previously in information security at Harvard Medical School and Director of IT Security at Harvard University Information Technology. He currently holds certifications as a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes