Conference Agenda
  • Wednesday, March 9, 2022
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    7:30 am - 8:20 am

    This roundtable discussion is for our Advisory Council members only.

    7:30 am
    ISSA New England Chapter Meeting and Presentation
    Open to members and prospective members | Breakfast provided
    Sr. Principal, Security Risk Management, Verizon
    Registration Level:
    • Open Sessions
    7:30 am - 8:20 am

    Discussion moderated by David Dumas, chapter vice president.

    7:30 am
    [PLUS Course] Developing a Comprehensive Ransomware Security Program
    Part 1
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    7:30 am - 8:30 am

    Ransomware is a specific and extremely harmful type of malware used by cybercriminals to extort money from individuals, organizations, and businesses. The infections block access to your data until you make a ransom payment, at which point you’re supposed to regain access. In reality, nearly 40% of the victims who pay the ransom never get their data back and 73% of those who pay the ransom are targeted again later – which is why everyone must protect against ransomware. In the past year, targeted ransomware attacks against government agencies, educational establishments, and healthcare providers have raised the stakes for those charged with protecting organizations. Ransomware attacks not only damage business, but also put health, safety, and lives at risk.

    Active Directory has become a popular pathway for ransomware attacks. The main reason cybercriminals target Active Directory is because it serves as a gateway to the rest of the network as a service for managing, networking, grouping, authenticating, and securing users across corporate domain networks. Users and computers rely on Active Directory to access various network resources. As such, cybercriminals understand that ransomware attacks on Active Directory can wreak havoc on any organization, making it an excellent extortion mechanism.

    In the fight against ransomware, organizations need to strategically prepare to protect against and respond to attacks. However, many IT organizations struggle to prioritize the appropriate initiatives to combat and mitigate the impact of ransomware. With more tools, technologies and processes than ever, a comprehensive ransomware security program is a must to help detect, prevent, respond and limit the overall exposure to ransomware and other destructive attacks. This comprehensive training course will help organizations to design, build, and manage a comprehensive Ransomware Security Program.

    Part 1: Ransomware Overview (90 Minutes)

    1.1 – Background & Introduction

    • What is ransomware?
    • How do ransomware attacks work?
    • How ransomware attacks have evolved (2016) – WannaCry and Petya / NotPetya
    • How ransomware attacks have evolved (2021) – REvil and Ryuk
    • Top six Ransomware Attacks of 2021 / 2022

    1.2 – Today’s Ransomware Problem

    • Human Operated Ransomware Attacks (Double Extortion)
    • Supply Chain Attacks
    • Ransomware as a Service (RaaS)
    • Attacking Unpatched Systems
    • Phishing Emails
    • Penetration Testing Tools (Cobalt Strike)

    1.3 – Ransomware Attacks against Information Technology (IT) Networks and Systems

    • Ransomware attack stages (initial access, lateral movement, privilege escalation, extortion, encryption)
    • The Ireland Health Service Elective (HSE) ransomware attack
    • How Conti Ransomware works
    • Lessons learned from the HSE Ransomware Attack

    1.4 – Ransomware Attacks against Operational Technology (OT) Networks and Systems

    • Ransomware attack stages (initial access, lateral movement, privilege escalation, extortion, encryption)
    • The Colonial Pipeline ransomware attack
    • How DarkSide Ransomware works
    • Lessons learned from the Colonial Pipeline Ransomware Attack

    Part 2: Understanding Ransomware Attacks (90 Minutes)

    2.1 – The MITRE ATT&CK Framework

    • What are the current Attack Models and how do they work?
    • What is the MITRE ATT&CK Framework?
    • What are MITRE Tactics?
    • What are MITRE Techniques?
    • What are MITRE Procedures?
    • What is the MITRE D3FEND Matrix?

    2.2 – Mapping Ransomware Tactics, Techniques, Procedures (TTPs) to MITRE ATT&CK

    • Mapping REvil Ransomware to the MITRE ATT&CK Framework
    • Mapping Conti Ransomware to the MITRE ATT&CK Framework
    • Mapping Maze Ransomware to the MITRE ATT&CK Framework
    • Mapping Ryuk Ransomware to the MITRE ATT&CK Framework
    • Mapping DarkSide Ransomware to the MITRE ATT&CK Framework

    2.3 – Pen Testing Tools and the MITRE ATT&CK Framework

    • The Pen Testing Execution Standard (PTES)
    • NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
    • The Cobalt Strike Penetration Testing Platform
    • Mapping Cobalt Strike to the MITRE ATT&CK Framework

    2.4 – Understanding Cyber Threat Intelligence (CTI)

    • What is Cyber Threat Intelligence (CTI)?
    • How does Cyber Threat Intelligence Work?
    • Who are the main providers of Cyber Threat Intelligence?
    • What are the main themes of Cyber Threat Intelligence in 2021?

    Part 3: Building a Ransomware Security Program (90 Minutes)

    3.1 – Ransomware Security Controls / Guides

    • CISA_MS-ISAC Ransomware Guide
    • Higher Education Ransomware Playbook
    • CSBS Ransomware Self-Assessment Tool
    • NIST IR 8374 – NIST Cybersecurity Framework (CSF) Guidance on Ransomware
    • US Government Interagency Technical Guidance – How to Protect your Networks from Ransomware
    • Canadian Centre for Cyber Security Ransomware Playbook

    3.2 – NIST SP 1800 Practice Guides on Ransomware

    • NIST SP 1800-25 – Identifying and Protecting Assets Against Ransomware and Other Destructive Events
    • NIST SP 1800-26 – Detecting and Responding to Ransomware and Other Destructive Events
    • NIST SP 1800-11 – Recovering from Ransomware and Other Destructive Events

    3.3 – Free Cybersecurity Tools and Services > https://www.cisa.gov/free-cybersecurity-services-and-tools

    • Tools that focus on reducing the likelihood of a damaging cyber incident
    • Tools that focus on detecting malicious activity quickly
    • Tools that focus on responding effectively to confirmed incidents
    • Tools that focus on maximizing resilience to a destructive cyber event

    3.4 – Building a Ransomware Security Program

    • Cybersecurity Program Assessment: based on CIS Security Controls Scorecard
    • Ransomware Program Assessment: based on CISA MS-ISAC Ransomware Controls Scorecard
    • Develop a Plan of Action and Milestones (POA&M)
    • Document an Executive Summary
    • Conduct Red Team, Blue Team, Purple Team and Table-Top Exercises
    7:30 am
    [PLUS Course] Cloud Computing: Know Where You Want to Go
    Part 1: Understanding Today's Heterogeneous Environment
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    7:30 am - 8:30 am

    In today’s modern computing world, many of us are seeking the benefits of Cloud Computing. We’ve learned that it’s not always cheaper and that we have to design smartly in order to gain advantages, secure the architecture, and reduce risk. The major vendors in this space are attempting to make the transformation easier with their offerings and competitiveness. There is a plethora of offerings out there and it can get confusing unless you take the time and plan ahead, talk with others in similar industries and learn from events like this one.

    In this course, we’ll take a holistic view of managing security and minimizing risk in the cloud. We’ll look at how to best develop operational effectiveness, take advantage of smart automations, and learn which metrics are right for us and our heterogeneous challenges. We’ll learn about the threats out there today and how to best keep them at bay.

    Whether you are in the Cloud, looking to upgrade your residence there, or looking to move into the Cloud realm, this course is for you if security, risk reduction, automation, and metrics are things you are concerned about. Enroll in this course and let’s talk about it. We’ll hold four one-hour sessions to get us started with our secure digital transformation.

    Part 1: Know Where You Want to Go – Understanding Today’s Heterogeneous Environment

    • Fundamentals of Cloud Computing
    • Discover AWS
    • Discover Azure
    • Discuss the other vendors, GCP, Rackspace, and more.

    Part 2: Review of Security Architectures

    • Review the many layers of Security in the Cloud
    • Discuss modern day service weaknesses and attacks
    • Learn some nuances of modern day design

    Part 3: Design Principles for Security

    • Harden your baselines
    • Follow the frameworks
    • Use the tools effectively

    Part 4: Assessment of Secure Design

    • Establish metrics (OKRs, KPIs, KRIs, and more)
    • Realize the advantages of cloud reporting systems
    • Reporting to the Board
    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 3:15 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:30 am
    [Opening Keynote] BEC Attacks, Crypto, and the Investigative Powers of the Secret Service
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
    Assistant to the Special Agent in Charge, New York Field Office, U.S. Secret Service
    Technical Staff Assistant (Special Agent), Boston Field Office, United States Secret Service
    Managing Partner, SideChannel
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    9:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:15 am - 9:45 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:45 am
    Benefiting from CISA's Expanding Role in Cybersecurity
    Director, Cybersecurity Architecture, Draper Labs; Colonel, U.S. Army Reserve; President, New England Chapter, MCPA
    Registration Level:
    • Conference Pass
    9:45 am - 10:30 am

    Key Takeaway:
    Walk away from this session with a better understanding of how you can partner with and benefit from CISA and its resources.

    For years, cybersecurity leaders have been asking for more help from the federal government, and it is finally happening. Now more than ever, the federal government has free resources to help you fight against sophisticated cyber actors and nation-states with the ability to disrupt, destroy, or threaten the delivery of essential services. With the risk and potential consequences of cyber events, strengthening the security and resilience of cyberspace has become an important homeland security mission, and CISA can help.

    9:45 am
    PCI 4.0: What Is Coming?
    Director, Audit and Compliance, CipherTechs, Inc.
    Registration Level:
    • Conference Pass
    9:45 am - 10:30 am

    PCI 4.0 is coming out at the end of first quarter 2022. There are many changes that are involved with wording, testing, and the forms for submission. This session will talk about some of the changes that may affect you for the SAQs and the ROCs, such as what additional documentation and activities you will need prior to having PCI 4.0 implemented by the end of 2024 going into 2025.

    9:45 am
    Chains of Behavior: From Ransomware to Supply Chains
    VP & CISO, Zscaler
    Registration Level:
    • Open Sessions
    9:45 am - 10:30 am

    Our collective goal is to reverse the advantage in cyber conflict enjoyed by attackers and to give defenders an asymmetric edge. To date, that hasn’t been working as most of our tools and technologies are geared to yesterday’s cyberwar. The key here is to of course align with the business and deploy people, process, and technology correctly; but we need to lean into behavioral telemetry, new data structures, and focus on the results we want. This will help us get ahead of emerging Supply Chain threats now visible beneath the waterline and to counter the scourge of ransomware. It’s time to put the older technologies and processes of security in their right place and to embrace new and emerging technologies that work, to experiment, and to innovate in ways that the industry has lacked for at least a decade. We are headed to a future-proof security stack, and it’s attainable now!

    9:45 am
    Hacking Your Organization: 7 Steps Cybercriminals Use to Take Total Control of Your Network
    Data-Driven Defense Evangelist, KnowBe4
    Registration Level:
    • Open Sessions
    9:45 am - 10:30 am

    The scary fact is that the majority of data breaches are caused by human error. With so many technical controls in place hackers are still getting through to your end users. How are they so easily manipulated into giving the cybercriminals what they want? Well, hackers are crafty. And the best way to beat them is to understand the way they work.

    In this session, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will take you through the “Cyber Kill Chain” in detail to show you how a single email slip up can lead to the total takeover of your network.

    Roger will show you:

    • How detailed data is harvested using public databases and surprising techniques
    • Tricks used to craft a compelling social engineering attack that your users WILL click
    • Cunning ways hackers deliver malicious code to take control of an endpoint
    • Taking over your domain controller and subsequently your entire network

    But not all hope is lost. Roger will also share actionable strategies you can put in place now to greatly reduce your risk. Find out how to protect your organization before it’s too late!

    10:40 am
    Congratulations on CISO, Now What?
    CISO & Data Privacy Officer, Emburse
    Registration Level:
    • Conference Pass
    10:40 am - 11:25 am

    In this talk, Bill Bowman will lay out a plan for your first year on the job. He will give you guidance on building relationships, finding the skeletons, advocating for funding, and building your team. Identifying the risks, articulating a path forward, and maturing the organization will be the takeaways. If you are forced into the role or finally arriving after years of building your brand, this talk will give you confidence to walk into your boss’s office tomorrow morning and chart the path forward as the Chief Information Security Officer.

    10:40 am
    An Enlightened Path to AppSec Nirvana from Code to Cloud
    Director of Application Security, GoodLeap LLC
    Registration Level:
    • Conference Pass
    10:40 am - 11:25 am

    Key Takeaway:
    You’ll leave with an executable roadmap to improving the security of your applications.

    This session will be high-level and cover the various elements of a comprehensive application security program and how the pieces fit together. We’ll also review the various secure development models to equip you with a choice of standards you can adopt. Finally, we’ll cover sequencing and speed so you can follow a path to achieving your own AppSec nirvana.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:40 am
    A Macroscopic Review of Cloud Exploits and Exposures
    Principal Data Scientist, Rapid7
    Registration Level:
    • Open Sessions
    10:40 am - 11:25 am

    In this talk, we’ll take a moment to systematically review some of the most prominent cloud exploits in 2021 that have since been publicly disclosed. We’ll cover details about the industry distributions that were known to be harmed, the types and scale of exposures that occurred, and the underlying factors that contributed to exposure.

    We’ll also supplement that review of the state of cloud security in 2021 with an assessment of internet-wide telemetry collected across the entirety of the IPv4 space to identify exposures that could hint at opportunistic targets within cloud infrastructures.

    With this knowledge, organizations can take focused, proactive measures to mitigate the risks facing cloud implementations.

    10:40 am
    Congrats on the Anniversary of the Unknown Breach – Where Is the Threat Actor Now?
    Sr. Security Consultant, Gigamon
    Registration Level:
    • Open Sessions
    10:40 am - 11:25 am

    If you talk to any mason out there, they will tell you that there are two types of cement: cement that is going to crack and cement that has already cracked. Likewise, there are two types of business environments: those that will be breached and those that are already breached.

    In this session, we will talk about those environments already breached. We will identify considerations you need to keep in mind before a threat actor extorts money from the business, steals your intellectual property, causes irreversible harm to the business’s reputation, or attempts to compromise your employees.

    11:30 am
    [Lunch Keynote] Demystifying Zero Trust and Its Role in Cybersecurity
    CEO & Co-Founder, ThreatLocker
    Registration Level:
    • Open Sessions
    11:30 am - 12:30 pm
    Location / Room: Keynote Theater

    The Zero Trust framework is based on the principle of “never trust, always verify.” Join us to learn about Zero Trust, how to adopt it, and the technologies you need to take control of your environment in the fight against ransomware.

    11:30 am
    Advisory Council Lunch Roundtable - (VIP / Invite Only)
    The Future of Work
    Registration Level:
    • VIP / Exclusive
    11:30 am - 12:30 pm

    12:30 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:30 pm - 1:00 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:00 pm
    [Panel] Cloud: Doing More with Less
    Sr. Security Consultant, Gigamon
    Security Strategist, Mimecast
    Senior Principal Engineer, ForgeRock
    Sr. Systems Engineer, Abnormal Security
    Director of Cloud Security Sales, Fortinet
    CISO, Cyber Guide LLC
    Registration Level:
    • Open Sessions
    1:00 pm - 1:50 pm
    Location / Room: Keynote Theater

    The cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.

    1:00 pm
    [Panel] The Current Threat Landscape
    VP of Product, Balbix
    Sr. Solution Architect, Cymulate
    Solutions Engineer, Tessian
    Vice President, Product, Recorded Future
    Director, Solutions Engineering and Alliances, Automox
    Cybersecurity Threat Hunter and Incident Responder, Eversource Energy
    Registration Level:
    • Open Sessions
    1:00 pm - 1:50 pm
    Location / Room: Room 103

    If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?

    It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.

    1:00 pm
    Speed Kills Malware: Why 20ms Makes All the Difference
    Director of Sales Engineering, Deep Instinct
    Registration Level:
    • Open Sessions
    1:00 pm - 1:50 pm

    During this session, we will examine the approaches to prevent and detect threats with AI, ML, and DL, and dive into how deep learning (DL) provides greater speed and accuracy to stop malware faster than ML. Learn more on the chronology of an unknown attack and why 20ms is the difference between security and a breach.

    • 1.5 secs: Ransomware begins to spread, infect, and encrypt
    • 3 secs: Malware has control and elevated privileges
    • 1 minute: Avg time to detect unknown malware
    2:00 pm
    A Whole Lotta BS (Behavioral Science) About Cybersecurity
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • Conference Pass
    2:00 pm - 2:45 pm

    Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 “Oh Behave! Cybersecurity Attitudes and Behaviors Report,” and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.

    2:00 pm
    Incident Response: Look Who's Talking
    Americas Lead for Human Cyber Risk and Education, EY
    Registration Level:
    • Conference Pass
    2:00 pm - 2:45 pm

    Key Takeaway:
    Learn the essential elements of crisis communications and reputation control for the cybersecurity team and the elements not exercised in most Incident Response plans.

    The ability to control the narrative during a cyber event will shape public perception of the company’s preparedness for a cyber event. In a cyber crisis, for everyone outside of the technical teams, perception is reality, and that reality may affect the company’s reputation long after the incident is over. Businesses have a significant reliance on technology; a breach of customer trust can be just as devastating as a network breach. Employees who are unsure of the circumstances will not hesitate to share on social media. Does the Incident Response plan account for reputation control? How will the company handle crisis communications during a cyber incident?

    2:00 pm
    Threat Detection: Beyond Prevention
    Senior Solution Strategist, ConnectWise
    Registration Level:
    • Open Sessions
    2:00 pm - 2:45 pm
    2:00 pm
    ISACA New England Chapter Meeting
    Open to all attendees
    Registration Level:
    • Open Sessions
    2:00 pm - 2:45 pm
    2:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:45 pm - 3:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:15 pm
    AccessIT - How Does Your Crisis Management Playbook Stack up During a Real-World Conflict?
    CISO, Steward Health Care
    CISO, Houghton Mifflin Harcourt
    VP, Infrastructure & Security, Emsi Burning Glass
    CISO, Afiniti
    Registration Level:
    • Open Sessions
    3:15 pm - 4:00 pm
    Location / Room: Keynote Theater

    With the threat of cyberwarfare looming stateside, is your company prepared for the possible digital infrastructure and data attacks against them? Hear Andrew Smeaton, CISO for DataRobot, share his experiences of executing a crisis management plan in the midst of real-time warfare. Andy will be joining us to share what he has witnessed happen on the ground in Ukraine and discuss with fellow CISO panelists how InfoSec executives are pivoting their cyber skills to aid in humanitarian efforts and why your organization should be reviewing your crisis management playbook to adapt to conflict in real-time.

    3:15 pm
    "Birds of a Feather" Discussion Group
    Topic: Prioritizing Current Threats
    Secretariat Security Liaison, Massachusetts Executive Office of Health and Human Services
    Registration Level:
    • Open Sessions
    3:15 pm - 4:00 pm

    Discussion moderator: James Cusson

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    3:15 pm
    Happy Hour
    Sponsored by Atlantic Data Security
    Registration Level:
    • Open Sessions
    3:15 pm - 5:00 pm
    Location / Room: Boylston Hallway

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.

    3:15 pm
    [PLUS Course] Developing a Comprehensive Ransomware Security Program
    Part 2
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:15 pm - 4:30 pm
    3:15 pm
    [PLUS Course] Cloud Computing: Know Where You Want to Go
    Part 2: Review of Security Architectures
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    3:15 pm - 4:30 pm

    Whether you are in the Cloud, looking to upgrade your residence there, or looking to move into the Cloud realm, this course is for you if security, risk reduction, automation, and metrics are things you are concerned about. Enroll in this course and let’s talk about it.

    • Review the many layers of Security in the Cloud
    • Discuss modern day service weaknesses and attacks
    • Learn some nuances of modern day design
  • Thursday, March 10, 2022
    7:00 am
    Registration open
    Registration Level:
    7:00 am - 3:00 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [Advisory Council Roundtable] Learn from Your Peers: What's Working and What's Not with Application Security
    VIP / Invite Only
    Director, WhiteSource
    Registration Level:
    • VIP / Exclusive
    7:30 am - 8:20 am
    Location / Room: 101

    Application security is a rapidly changing area, given the rapid adoption of cloud-native architectures, open source software, containers, and DevOps. Surveys indicate that application security is the #1 area of new investment by large enterprises. Attend this session to share with your peers and learn how other organizations are struggling (or succeeding!) with their application security programs. Specific topics that will be explored during this session include:

    • Lessons learned from the Log4j exercise
    • How security teams can gain developers’ trust and collaboration
    • Can a single set of security tools meet the needs of different development teams
    • How can you best secure Infrastructure as Code

    7:30 am
    [PLUS Course] Developing a Comprehensive Ransomware Security Program
    Part 3
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    7:30 am - 8:30 am
    7:30 am
    [PLUS Course] Cloud Computing: Know Where You Want to Go
    Part 3: Design Principles for Security
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    7:30 am - 8:30 am

    Whether you are in the Cloud, looking to upgrade your residence there, or looking to move into the Cloud realm, this course is for you if security, risk reduction, automation, and metrics are things you are concerned about. Enroll in this course and let’s talk about it.

    • Harden your baselines
    • Follow the frameworks
    • Use the tools effectively
    8:00 am
    Exhibitor Hall open
    Registration Level:
    8:00 am - 3:15 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:30 am
    [Opening Keynote] CISO Panel: The Future of Work
    CISO, City of Boston
    CISO, Draper
    Cybersecurity Advisor (CSA), Integrated Operations Division | Region 1, CISA
    CISO, Massachusetts Bay Transportation Authority (MBTA)
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater
    9:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:15 am - 9:45 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:45 am
    Reframing the Conversation around Cybersecurity Fatigue
    From Military Conflict to Therapy and Addiction
    CISO, Steward Health Care
    Registration Level:
    • Conference Pass
    9:45 am - 10:30 am
    9:45 am
    5 Steps to Zero Trust
    Senior Director of Sales Enablement, Varonis
    Registration Level:
    • Open Sessions
    9:45 am - 10:30 am

    Protecting the edge of your network isn’t enough in a world where anyone can access data from anywhere. The principles of Zero Trust turn the traditional perimeter-centric model on its head and focus on securing what matters most: the data.

    See how a data-centric approach to security can help you defend against ransomware, APTs, and insider threats.

    We’ll break down how to get to Zero Trust, covering how to:

    • Identify sensitive data with scalable classification
    • Create an audit trail around sensitive data
    • Architect microperimeters by limiting who has access to data
    • Monitor for potential threats
    • Use automation for remediation and response

    Learn about what Zero Trust means and concrete steps you can take to implement it in practice.

    9:45 am
    The 3 Biggest Challenges Security Teams Have
    And How to Overcome Them
    Chief Evangelist, Team Cymru
    Registration Level:
    • Open Sessions
    9:45 am - 10:30 am

    In this session, we’ll look at three practical challenges that seriously impede an organization’s security strategy. In the 2021 State of Threat Hunting and the Role of the Analyst survey, 66% of 1778 respondents said they lacked visibility into their own network and 56% said they lacked visibility across their supply chains.

    Lack of visibility, the existence of legitimate business processes that cannot be blocked, and the fact that large organizations are plagued with alerting noise present challenges that can only be overcome by looking at your enterprise and third-party ecosystem from the perspective of the cyber attacker.

    During this presentation, we’ll illustrate the operational and financial outcomes associated with making external threat hunting a strategic priority. We also walk through a Cobalt Strike C2 mapping exercise as an example of what elite teams at many organizations are doing today to put themselves in a position to do the following…

      • Block phishing attacks
      • Identify impending attacks against themselves and third parties
      • Detect compromises within supply chain enterprises
      • Improve alert validation and prioritization
      • Optimize incident response from root cause analysis to remediation
    9:45 am
    Why Wait? Find Cloud Risks and Threats in Real Time with Stream Detection
    Principal Security Architect, Sysdig
    Registration Level:
    • Open Sessions
    9:45 am - 10:30 am

    Cloud service providers offer cost-effective and efficient collection and storage of cloud logs, which are a rich source of data for DevOps and security teams. Copying logs out of the cloud to query them later is expensive and complex to manage. With stream detection, you can find risks and threats in real time and fix issues faster while saving time and money.

    Rich Schofield, Principal Security Architect at Sysdig, will share how stream detection has evolved from the era of securing network computing and is being applied for securing the cloud and containers today.

    10:40 am
    A Holistic Approach to Third-Party Risk Management
    VP, CISO, Surgery Partners, Inc.
    Registration Level:
    • Conference Pass
    10:40 am - 11:25 am

    Key Takeaway: Tips on creating a holistic third-party risk management program.

    This session will show how Blue Cross & Blue Shield of Rhode Island (BCBSRI) manages third-party risk. The team will give you a sense of how they have expanded beyond traditional “questionnaires” into a full-cycle program encompassing threat intelligence, privacy, business continuity, enterprise risk, and exception management.

    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:40 am
    Driving Business Strategy and Growth Using Cybersecurity
    Sr. Demand and Delivery Director, Data Protection
    Registration Level:
    • Conference Pass
    10:40 am - 11:25 am

    Traditionally, cybersecurity is often viewed as a means of reducing risks to an organization, thwarting the attacks of threat actors, and securing company assets and infrastructure. When we examine the strategic goals and objectives that organizations undertake to promote their growth and success, we can often identify the interlinkage between business objectives and the services cybersecurity provides. By shifting the focus to how cybersecurity could enable an organization to bring products to market faster, make it easier for customers to conduct business with the company, create an environment to attract and retain employees, and become the vendor of choice to our customers, we can strengthen our relationship with executive leadership and the board of directors, become a trusted partner to the business, serve as a trusted advisor to line-of-business owners, and shift the paradigm of cybersecurity from risk-reduction cost center to a business enablement service line.

    10:40 am
    Déjà Vu All Over Again: The Student Body Left Problem
    CISO of North America, Checkmarx
    Registration Level:
    • Open Sessions
    10:40 am - 11:25 am

    Recent Common Vulnerabilities and Exposures (CVE) announcements like Apache Log4j have upended software teams all over the world. Scheduled work comes to a grinding halt, and triage and emergency surgery must be performed on applications. If not prepared, this unplanned work can derail productivity for weeks or even months. The longer it takes, the more pressure is applied by management. You can reduce the impact.

    Secure software development isn’t always a top concern to the business unless you are in a highly regulated industry. Today, time to market is often more important than security, increasing the value of the product that you sell with continuous improvement and quick software releases. To create and maintain a lead on the competition, you have to be really good at Agile and DevOps.

    A potential scenario: the security team has called an emergency meeting. A new vulnerability has been publicly disclosed that impacts not only your software, but your company and your customers. Will the required remediation take hours or even weeks to complete? It depends on your preparedness.

    To improve your readiness and reduce impact, we will look at tips and actions you can take now.

    1. Learn more about the scope of the mess that was created by the Log4j CVE.
    2. Why most companies struggled to address it quickly.
    3. What steps you can take now to be ready for the next one.
    10:40 am
    Threat Perception and Security Graph
    Global Security Strategist, Google Cloud Security
    Registration Level:
    • Open Sessions
    10:40 am - 11:25 am
    Location / Room: 103

    Trevor Welsh, who leads Global Security Strategy at Google, will discuss how detection can evolve to address threats of today and tomorrow. This includes conversation about insider work being done to shift left in the detection and response process.

    11:30 am
    [Lunch Keynote] Cybersecurity Training & Education: An 'All-Hands' Approach to Filling the Skills Gap
    Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston College
    CEO & Founder, HYCU, Inc.
    Director of Cybersecurity, Massachusetts Port Authority
    Fulbright Scholar, Boston College Cybersecurity Graduate Programs
    Registration Level:
    • Open Sessions
    11:30 am - 12:30 pm
    Location / Room: Keynote Theater

    It is estimated that there will be 3.5 million cybersecurity job openings in 2025 and, by some estimates, the global cybersecurity workforce needs to grow at 145 percent each year simply to keep pace with the demand for skilled talent. All of this while each day there is a headline-grabbing news piece involving another cyberattack resulting in the theft of digital information (e.g., sensitive and private personal data, intellectual property, trade secrets, financial information, classified and confidential materials) or the disruption of government and business functions. What to do?

    In our address, we will discuss and provide practical advice on:

    • Ways in which academia, private industry, and government have been collaborating to address the cybersecurity skills gap and, through research, address today’s cyberthreats;
    • Strategies to develop training programs not only for cyber professionals, but also staff, administrators, business managers, and executives; and
    • A path forward to address the skills gap and the need for diversity in the profession
    11:30 am
    Advisory Council Roundtable Lunch [VIP / Invite Only]
    Topic: De-Risking IT/OT Convergence
    Director, North America Systems Engineering, Skybox Security
    Registration Level:
    • VIP / Exclusive
    11:30 am - 12:30 pm

    The convergence of operational technology (OT) and IT systems creates complexity and places organizations at high risk of cyber-attacks. The proliferation of networked sensors (IoT) has increased the attack surface, taxing the responsiveness of network perimeter security and vulnerability management teams. Concepts like ZTA and SASE, while conceptually beneficial, can introduce even more uncertainty to the hybrid environment. These problems used to be confined within the data center walls but Digital Transformation projects have greatly increased the scope of challenges. It’s not just an IT problem anymore as industrial control systems and the like look to leverage the benefits of automation and centralized control via the network.

    We will explore some of these challenges, approaches taken by your fellow leaders, and outcomes.


    12:30 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:30 pm - 1:00 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:00 pm
    [Panel] The Battle to Control the Endpoints
    CEO & Co-Founder, ThreatLocker
    CEO & President, Apexa IQ
    Senior Sales Engineer, Open Systems
    Senior Security Solutions Architect, Securonix
    Healthcare Information Security Officer, Healthcare Organization
    Registration Level:
    • Open Sessions
    1:00 pm - 1:50 pm
    Location / Room: Keynote Theater

    In a recent survey, the SecureWorld media team uncovered that a whopping 30% of IT professionals admitted they didn’t actually know if they had visibility on all the endpoints within their organizations! With close to a thousand endpoints (in the majority of those surveyed), including servers, office PCs, printers, employee-owned devices, smart watches, and IoT, the list goes on and on. What does the cloud do to impact this count? What was missed? Join our experts as they help us gain better visibility into the battle to control ALL the endpoints.

    1:00 pm
    [Panel] Securing the Code: AppSec and DevOps 101
    Principal Security Strategist, Synopsys
    President & Co-Founder, HackEDU
    Principal Security Engineer, Salt Security
    CISO of North America, Checkmarx
    Registration Level:
    • Open Sessions
    1:00 pm - 1:50 pm

    Everyone says you’ve got to bake security into the development process, but it doesn’t always get done. Speed to market and “other considerations” can get in the way of good, clean secure code. Some developers share code or borrow from open-source platforms on the internet. Is that safe? How do you work with your DevOps teams to create a collaborative, proactive environment where they have the time and resources to build that security in from the beginning? How do you deal with burnout and fatigue? Our panel will address these concerns and more to help you get a handle on securing the code.

    1:00 pm
    CNAPP: Finding the Worst Security Risks
    Enterprise Solutions Engineer, Wiz
    Registration Level:
    • Open Sessions
    1:00 pm - 1:50 pm

    Are you familiar with the new category of CNAPP? Security challenges in the Cloud are different than those that exist on-prem, but the overall processes to build and maintain a secure environment are the same. A cloud-native application protection platform is a simplified security architecture that enables enterprises to holistically benefit from the cloud-native ecosystem. It enables them to leapfrog the cost and complexity of siloed security products to a continuous security fabric without major investments in tools or developer talent. Learn firsthand from the experts about the ROI and benefits of CNAPP and real-world approaches to deploying it in your existing environment.

    2:00 pm
    The Last 2%: The Defense in Depth Layers No One Wants to Talk About
    Perception Management, Value, and Trust
    VP & CISO, Blue Cross Blue Shield of Massachusetts
    Registration Level:
    • Conference Pass
    2:00 pm - 2:45 pm

    Having an effective security program is more than just having great technology. It’s about turning data into information and information into action. True success comes in the form of the business “wanting” you involved because they trust you and value the services your team provides. It doesn’t happen overnight and like any other part of your program, it needs to be deliberately designed in.

    2:00 pm
    (ISC)2 Chapter Meeting - Open to all attendees
    Discussion Topic: Cyber Pros, Know Your Worth
    Board Member, (ISC)2 Eastern Massachusetts; President, CyberSN
    Registration Level:
    • Open Sessions
    2:00 pm - 2:45 pm
    Location / Room: 103

    The labor market has changed dramatically over the last two years for cybersecurity professionals. Learn how to communicate the value of your experience, skills, and credentials to maximize your income potential over the course of your career.

    • Understand the value of your skills, experience, and interests in today’s market
    • Identify the highest impact areas for personal and career development
    • Surface and share what you truly do and have it valued appropriately by the market
    • Be informed about the market to make smarter career and job decisions
    2:00 pm
    Remediating Critical Vulnerabilities in 12 Hours or Less: Lessons Learned from Log4j
    SVP, Customer Solutions Architecture and Engineering, Qualys
    Registration Level:
    • Open Sessions
    2:00 pm - 2:45 pm
    2:00 pm
    [Panel] Don't Let the Past Cloud Your Vision, Look Ahead to the Future of Cloud Security
    Principal Architect, Sales Engineering, Imperva
    Head of Engineering, East US, Check Point Software Technologies
    Director of Netskope Threat Labs, Netskope
    Sr. Sales Engineer, Orca Security
    Director, Security Architecture, AccessIT Group
    Registration Level:
    • Open Sessions
    2:00 pm - 2:45 pm

    Prior to the COVID-19 outbreak, people had mixed feelings and results when it came to cloud security, partly because they didn’t really understand it. Now, as we are climbing out of the pandemic, organizations are sharing their success stories from the cloud over the last few years. Join our experts as they share some of these successes, as well as a new path forward!

    2:45 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    2:45 pm - 3:15 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:15 pm
    Diversity Is the Result of Inclusive Cultures
    Founder and CEO, CyberSN and Secure Diversity
    Registration Level:
    • Conference Pass
    3:15 pm - 4:00 pm

    This talk centers on a 9-piece framework to help you create inclusive cultures that will result in diverse workplaces, called the Standards of Inclusive Behavior. We will explore how each of the nine standards for interactions impacts our professional environments and how to use this framework to create equality and diversity of thought. When we establish a baseline of standards for human interactions that are framed through the window of cybersecurity, our teams and organizations can excel because expectations are clear and fair.

    Our security, privacy, economic well-being, and mental health depend on the ability to engage others positively and this is a skill that employers rarely teach.

    3:15 pm
    Experiment-Driven Threat Modeling
    Counter Threat Unit Researcher, Secureworks
    Registration Level:
    • Open Sessions
    3:15 pm - 4:00 pm

    Creating and maintaining useful threat models amid an ever-evolving threat landscape is no easy task. In this talk, Trenton will share how your organization can effectively leverage collaborative adversaries to run experiments that improve threat models and exercise defenders.

    3:15 pm
    [PLUS Course] Developing a Comprehensive Ransomware Security Program
    Part 4
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:15 pm - 4:30 pm
    3:15 pm
    [PLUS Course] Cloud Computing: Know Where You Want to Go
    Part 4: Assessment of Secure Design
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    3:15 pm - 4:30 pm

    Whether you are in the Cloud, looking to upgrade your residence there, or looking to move into the Cloud realm, this course is for you if security, risk reduction, automation, and metrics are things you are concerned about. Enroll in this course and let’s talk about it.

    • Establish Metrics (OKRs, KPIs, KRIs, and more)
    • Realize the advantages of cloud reporting systems
    • Reporting to the Board
    4:00 pm
    CISO Happy Hour
    VIP / Invite Only
    Registration Level:
    • VIP / Exclusive
    4:00 pm - 5:30 pm

    Join your fellow CISOs and senior leaders for complimentary hors d’oeuvres, beverages, and conversation following the conclusion of Day 1. This is a great opportunity to network with other security professionals from the area and to discuss the hot topics from the day.

    Hosted by The Cyber Breakfast Club™ and sponsored by CyberSN and CYBER BUYER. Register here: https://www.eventbrite.com/e/274216989397

Exhibitors
  • Abnormal Security
    Booth: 136

    Abnormal is the most precise human behavior security engine for blocking all email attacks, including phishing, malware, ransomware, social engineering, executive impersonation, supply chain compromise, internal account compromise, spam, and graymail.
    Secure email gateways and built-in Microsoft and Google security struggle to block email attacks that pass reputation checks, have no URLs or attachments, and appear to come from trusted sources.

    Only Abnormal uses behavioral AI to profile known good behavior and analyzes over 45,000 signals to detect anomalies that deviate from these baselines, delivering maximum protection for global enterprises.

  • Accedian
    Booth: 125

    Accedian is the leader in Performance Assured Networking™ for mobile backhaul, business services, and cloud connectivity. Our solutions provide service providers and network operators with visibility into their networks, and this differentiating ability empowers them to optimize, improve, and manage the performance of their network, thereby delivering the best possible experience to their subscribers.

  • AccessIT Group
    Booth: AccessIT Partner Pavilion

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Apexa iQ
    Booth: 247

    ApexaiQ™ is the Most Relevant IT risk rating score in the market.

    The Apexa platform discovers and rates your entire IT estate in minutes.

    KNOW EXACTLY WHERE YOU STAND AND WHAT TO DO NEXT.

    With ApexaiQ™ you instantly get:

    1. Insight into every device on your network.
    2. A Comprehensive single-dashboard view with security gaps — including IT hygiene and obsolescence status.
    3. Compliance and audit reports.
    4. A Prioritized list of exactly what’s needed to make lifecycle improvements, reduce technical debt, and eliminate security risks.
  • Arctic Wolf Networks
    Booth:

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit  https://www.arcticwolf.com.

  • Area 1 Security
    Booth: 235

    Area 1 Security is the only company that preemptively stops Business Email Compromise, malware, ransomware and targeted phishing attacks. By focusing on the earliest stages of an attack, Area 1 stops phish — the root cause of 95 percent of breaches — 24 days (on average) before they launch. Area 1 also offers the cybersecurity industry’s first and only performance-based pricing model, Pay-per-Phish.

    Area 1 is trusted by Fortune 500 enterprises across financial services, healthcare, critical infrastructure and other industries, to preempt targeted phishing attacks, improve their cybersecurity posture, and change outcomes.

    Area 1 is a Certified Microsoft Partner, and Google Cloud Technology Partner of the Year for Security.

  • Armis, Inc
    Booth: 114

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • ASIS
    Booth:

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • Atlantic Data Security
    Booth: 114

    Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.

  • Authomize
    Booth: 253

    Authomize continuously monitors your identities, access privileges, assets, and activities, in order to secure all your apps and cloud services. Our granular visibility across IaaS, SaaS, and various data services enables organizations to ensure effective control over their access privileges and the security of their assets.

  • Automox
    Booth: 338

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • Balbix
    Booth: 242

    Balbix is the world’s leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a “Cool Vendor” by Gartner in 2018.

  • BlackBerry Corporation
    Booth: 125

    BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.

  • BlackCloak, Inc
    Booth: 246

    BlackCloak provides digital protection for corporate executives, Board Members, and high-profile and high-net-worth individuals and their families. Its award-winning Concierge Cybersecurity & Privacy™ Platform combines proprietary software with white-glove client service to prevent cyberattacks originating in an enterprise leader’s personal life from moving laterally into the organization. The Platform also protects individuals and their families from financial fraud, identity theft, targeted cyberattacks, reputational damage and other threats to privacy and security. Thousands of CISOs, CIOs, CFOs, and General Counsels trust BlackCloak to protect the personal privacy, devices, and homes of their most important personnel so they can continue to focus exclusively on what they do best: protecting the enterprise from cyberattack.

  • Black Kite
    Booth: 129

    At Black Kite, we’re redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker’s perspective.

    We’re committed to improving the health and safety of the entire planet’s cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence. While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain’s cybersecurity posture from three critical dimensions: technical, financial and compliance.

    Check us out at: https://blackkite.com/

  • Centripetal
    Booth: 134

    Centripetal is a three-time Deloitte Fast 500 company, whose cyber security systems are deployed in many of the world’s most mission critical networks. Our mission is to make the most advanced intelligence-based defense available to everyone as a service. Through our research we are resolving each of the technological challenges to put trust back into internet connection.

  • Checkmarx Inc.
    Booth: 341

    Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

  • Check Point Software Technologies
    Booth: 114

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cobalt
    Booth:

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • ConnectWise
    Booth: 345

    ConnectWise is the world’s leading software company dedicated to the success of IT solution providers through unmatched software, services, community, and marketplace of integrations. ConnectWise’s innovative, integrated, and security-centric platform – Asio™ – provides unmatched flexibility that fuels profitable, long-term growth for partners. ConnectWise enables ITSPs to drive business efficiency with automation, IT documentation, and data management capabilities – and increase revenue using remote monitoring, cybersecurity, and backup and disaster recovery technologies. For more information, visit connectwise.com.

  • Consortium Networks
    Booth:

    Consortium Networks is committed to providing businesses with the most relevant, up-to-date technology information, with a focus on cybersecurity.

  • Corelight
    Booth: 250

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • Critical Start
    Booth: 114

    Critical Start Managed Cyber Risk Reduction solutions deliver continuous security cyber risk monitoring and mitigation enabling strong protection against threats. Combined with a team of expert risk mitigators, our platform provides maturity assessments, posture and event analytics, response capabilities, comprehensive threat intelligence, and security workload management capabilities. We help you achieve the highest level of cyber risk reduction for every dollar invested, leading to increased confidence in reaching your desired level of security posture.

  • Cybercrime Support Network
    Booth: n/a

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • Cyberhaven
    Booth: 241

    When the DLP market first emerged 20 years ago, the goal was to protect confidential information in on-premises databases, file servers, application servers, other data repositories, and endpoints. Today millions of sensitive documents, files, and other data are being exfiltrated in violation of corporate data policies every day because DLP is completely ineffective in the era of cloud-first applications and Zero Trust security. These data breaches result in stolen IP, damaged brands, and significant financial penalties. Let’s face it, DLP in its current form is nothing more than a compliance checkbox. Cyberhaven is transforming the DLP market and helping organizations secure all of the high-value data they must protect in order to compete and thrive in the digital economy. It’s a big hairy problem, and we are up to the challenge.

  • Cybereason
    Booth: 301

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cymulate
    Booth: 339

    Cymulate SaaS-based continuous security validation makes it simple to measure and improve your security posture across the full attack kill-chain. Every assessment is scored and includes actionable remediation guidance to mitigate risk and optimize security control effectiveness. Cymulate enables you to take data-driven decisions and manage your security resources efficiently.

  • Cynet
    Booth: 177

    Cynet 360 is the world’s first autonomous breach protection platform. Cynet eliminates the need for complex multi-product stacks, making robust breach protection within reach for any organization.

  • Deep Instinct
    Booth: 357

    Deep Instinct is a cybersecurity company that applies deep learning to cybersecurity. The company applies advanced artificial intelligence to the task of preventing and detecting malware. The company was the recipient of the Technology Pioneer award from the World Economic Forum in 2017.

  • Endace
    Booth: 171

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Entrust
    Booth:

    Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.

  • Envision Technology Advisors
    Booth: 155

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • ExtraHop
    Booth: 234

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • ForgeRock / Ping Identity
    Booth: 348

    ForgeRock is a global leader in digital identity that delivers modern and comprehensive identity and access management solutions for consumers, employees, and things to simply and safely access the connected world. Using ForgeRock, more than 1,300 global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data—consumable in any cloud or hybrid environment. The company is headquartered in San Francisco, California, with offices around the world.

    For more information and free downloads, visit www.forgerock.com or follow ForgeRock on social media.

  • Fortinet
    Booth:

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • GateScanner
    Booth: 146

    GATESCANNER® utilizes Content Disarm and Reconstruction technology to prevent file-based malware attacks on multiple attack vectors. Traditional anti-malware protection solutions are not enough in today’s complex reality of APTs and sophisticated hackers—requiring security layers for the prevention of advanced file-based malware. The GATESCANNER CDR suite ensures that files from all routes are Zero-Day and malware-free. The CDR process transforms all files into safe, neutralized, and harmless copies while maintaining full file fidelity and usability.

  • Gigamon
    Booth: 355

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Google Cloud
    Booth: n/a

    Google Cloud provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.

  • Security Journey
    Booth: 245

    HackEDU’s spring 2022 acquisition of Security Journey brings together two powerful platforms to provide application security education for developers and the entire SDLC team. The two officially became one in August 2022 and are now Security Journey. Two platforms, one path to build a security-first development culture.

  • HUB Tech
    Booth:

    HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.

    Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.

  • Imperva
    Booth:

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • IOvations
    Booth:

    IOvations, founded in 2006, is a value added reseller focused on protecting the data, infrastructure and applications of our customers through a combination of services and products that extend to the end point, traditional network and cloud environment.  Some of the things that make us unique include multiple industry awards, a long history of working with clients who appreciate how easy we are to work with, and our strong engineering expertise providing value and thought leadership.

  • ISACA New England Chapter
    Booth: 122

    The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).

    The primary objective of the New England Chapter  is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.

  • ISC2 Eastern Massachusetts
    Booth: 145

    Advancing Information Security One Community at a Time
    As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. ISC2 Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!

  • ISC2 Maine Chapter
    Booth: 145

    The ISC2 Maine Chapter is a professional association authorized by ISC2, the world’s leading cybersecurity professional organization, and created by ISC2 members and information security professionals living and working in Maine.

    The ISC2 Maine Chapter is dedicated to providing education and regular meetings to help information security professionals in Maine. Our chapter benefits from a diverse membership that works in various organizations across important sectors such as healthcare, financial services, national defense, government, service providers, and many more.

  • ISSA New England
    Booth: 139

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

    Visit the National Headquarters’ website at www.issa.org.

  • KnowBe4
    Booth: 342

    We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space.

    KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.

    The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.

    Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.

  • Lacework
    Booth: 135

    Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.

  • MetricStream
    Booth:

    MetricStream, the independent market leader in enterprise and cloud applications for Governance, Risk, Compliance (GRC) and Quality Management, makes GRC simple.

    MetricStream apps improve business performance by strengthening risk management, corporate governance, regulatory compliance, vendor governance, and quality management for hundreds of thousands of users in dozens of industries, including Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-Tech and Manufacturing.

    MetricStream is headquartered in San Jose, California, with an operations and R&D center in Bangalore, India, and sales and operations support in 12 other cities globally.

  • Mimecast
    Booth: 360

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Morphisec
    Booth:

    Morphisec is the world leader in providing advanced security solutions for midsize to small enterprises around the globe. We simplify security and can automatically block modern attacks from the endpoint to the cloud. Unlike traditional security solutions relying on human intervention, our solutions deliver operationally simple, proactive prevention. We protect businesses around the globe with limited security resources and training from the most dangerous and sophisticated cyber attacks.

  • Netskope
    Booth:

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • New England Cyber Fraud Task Force (NECFTF)
    Booth:

    The NECFTF is composed of officials from state and local law enforcement throughout Massachusetts, New Hampshire, Rhode Island, Vermont and Maine and is charged with preventing, detecting and mitigating complex cyber-crime threatening payment systems and critical infrastructure. The five task force officers represent the Concord Police Department, the Grafton County Sheriff’s Office, the Manchester Police Department and the Nashua Police Department.

  • Okta
    Booth: 343

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Open Systems
    Booth: 333

    The escalated threat level, the cyber talent shortage, and the sheer complexity of deploying and managing a multitude of security solutions, are the perfect storm for security and IT teams. We are deeply passionate about protecting organizations from that storm.

    We provide a set of AI-based, cloud-delivered security solutions that are simple to deploy and manage, and provide the highest level of protection. And Mission Control, our integrated NOC and SOC, is staffed by experts, not only in threat hunting and cyber hygiene, but also in the proper configuration and maintenance of the Microsoft security stack. So we can leverage what you already own.

    The combination is changing the lives of our customers, giving them security traditionally reserved for only the largest organizations. We give them “shelter from the storm”. That is our passion.

  • Orca Security
    Booth:

    We’re on a mission to make it fast, easy, and cost effective for organizations to address the critical security issues in their AWS, Azure, and GCP estates so that they can operate in the cloud with confidence.

  • Qualys, Inc.
    Booth: 106

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Rapid7
    Booth: 222

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Recorded Future
    Booth: 265

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • ReliaQuest
    Booth: 130

    ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, anytime of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.

  • Secureworks
    Booth:

    Dell Secureworks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. Dell SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.

  • Securonix
    Booth:

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SentinelOne
    Booth:

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Skybox Security
    Booth: 346

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Synopsys
    Booth: 230

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • Sysdig
    Booth: 347

    The Sysdig Secure DevOps Platform provides security to confidently run containers, Kubernetes and cloud services. Only Sysdig has the deep visibility needed to see all threats, vulnerabilities and suspicious activity. With Sysdig you can secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.

    Sysdig is a SaaS platform, built on an open source stack that includes Falco and sysdig OSS, the open standards for runtime threat detection and response. Hundreds of organizations rely on Sysdig to secure containers, Kubernetes and cloud services.

  • Team Cymru
    Booth: 232

    Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines: digital business risk platforms, free-to-use community services, and support services to over 143 Government CSIRT teams.

    Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.

    Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT gives Governments the tools to outmaneuver nation state threat actors.

    Since 2005, our reputation remains unchallenged.

  • Tessian
    Booth: 102

    Tessian’s mission is to secure the human layer. Using machine learning technology, Tessian automatically stops data breaches and security threats caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. As a result, employees are empowered to do their best work, without security getting in their way. Founded in 2013, Tessian is backed by renowned investors like March Capital, Sequoia, Accel, and Balderton and has offices in San Francisco, Boston and London.

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth: 330

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Thales
    Booth: 142

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • ThreatLocker
    Booth: 225

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • UpGuard
    Booth: 137

    UpGuard is the best platform for securing your organization’s sensitive data. Our security ratings engine monitors millions of companies and billions of data points every day.

  • Varonis Systems, Inc.
    Booth: 260

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Vectra
    Booth:

    Vectra® is the leader in hybrid cloud threat detection and response. Vectra’s patented Attack Signal Intelligence detects and prioritizes threats across public cloud, SaaS, identity, and networks in a single platform. Vectra’s Attack Signal Intelligence goes beyond simple anomaly detection to analyze and understand attacker behavior. The resulting high-fidelity signal and deep context enables security operations teams to prioritize, investigate and respond to cyber-attacks in progress sooner and faster. Organizations worldwide rely on the Vectra platform and MDR services to stay ahead of modern cyber-attacks. Visit www.vectra.ai.

  • WEI
    Booth: 315

    Why WEI?  We go further.

    At WEI, we’re passionate about solving your technology problems and helping you drive your desired business outcomes. We believe in challenging the status quo and thinking differently.  There are a lot of companies that can take today’s technology and create a great IT solution for you. But we do more. We go further. And we have the customer, vendor and industry awards to prove it.  WEI is a premier technology partner, who always puts our customers first while providing the most innovative solutions for over 29 years.

  • Whalley Computer Associates
    Booth: 335

    Whalley Computer Associates, Inc. (WCA) employs some of the region’s best engineers and is equipped to accommodate all computer and communication needs for businesses of all sizes in every industry. As an aggressive entrepreneurial business, we’re capable of responding to your needs with a level of flexibility and speed that other organizations can only dream of.

    While we’ve grown tremendously since 1979, we remain a friendly, flexible, family-owned business that prioritizes the needs of our customers. As we’ve evolved, we’ve expanded our reach to service customers throughout the nation. To provide each customer with superior service, we now employ over 140 computer professionals and 10,000 affiliated technicians and engineers. In response to making these advancements, VarBusiness magazine ranked WCA as being a high-level engineering firm in the largest 1% of all Solution Providers in North America.

  • WhiteSource
    Booth: 325

    WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast, and many more. For more information, please visit www.WhiteSourceSoftware.com.

  • Wiz
    Booth: 329

    We’re on a mission to help organizations effectively reduce risks in their Cloud environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don’t waste time.

    Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and DevOps teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches. For more information, visit www.wiz.io.

  • WiCyS New England Affiliate
    Booth:
Speakers
  • David Dumas
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow, is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Stephen Dougherty
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • Casey McGee
    Assistant to the Special Agent in Charge, New York Field Office, U.S. Secret Service

    Casey McGee is an Assistant to the Special Agent in Charge in the New York Field Office of the U.S. Secret Service. He leads efforts to increase public and private partnership in the investigation of complex transnational criminal investigations involving the use of digital assets. In an executive developmental role, ATSAIC McGee served as the Advisor to the Vice President of Global Intelligence at Coinbase where he identified opportunities for joint USSS/Coinbase initiatives and partnered with various leaders across both organizations to implement cross functional programs. He holds a Juris Doctor from Vermont Law School and a Bachelor of Science from the University of Notre Dame.

  • Jeffrey Morissette
    Technical Staff Assistant (Special Agent), Boston Field Office, United States Secret Service

    Prior Federal Employment
    United States Border Patrol (USBP) – Casa Granda Station, AZ
    Employed as an agent of the U.S. Border Patrol, July 1997 – January 2000
    Training: US Border Patrol Academy (6 months), Charlestown, SC

    Current Federal Employment
    United States Secret Service (USSS) – Boston Field Office
    Employed as an agent of the U.S. Secret Service since January 2000

    Duties of USSS Special Agent include:
    o Protection of the President of the United States, the Vice President, Former Presidents and their families, and others authorized by statute.
    o To detect and arrest any person violating Federal laws relating to financial obligations and securities of the United States and foreign governments.
    o In the performance of these duties, to arrest any person committing any offense against the United States.

    Duty Assignments:
    U.S. Secret Service – Boston Field Office (1/2020-present)
    • Technical Staff Assistant
    - Manage the Tier 1 New England Digital Forensics Lab
    - Manage Network Intrusion Responses to include Ransomware Attacks on systems
    U.S. Secret Service – Providence Resident Office (12/2016-1/2020)
    U.S. Secret Service – Boston Field Office (12/2012-12/2016)
    U.S. Secret Service – Presidential Protective Division (3/2009-12/2012)
    U.S. Secret Service – Special Operations Division – Counter Assault Team (1/2006-3/2009)
    U.S. Secret Service – Washington Field Office (5/2002-1/2006)
    U.S. Secret Service – Phoenix Field Office (1/2000-5/2002)

  • Brian Haugli, Moderator
    Managing Partner, SideChannel
  • Richard Berthao
    Director, Cybersecurity Architecture, Draper Labs; Colonel, U.S. Army Reserve; President, New England Chapter, MCPA

    Richard Berthao is the Director of Cybersecurity Architecture for Draper Laboratory. He previously served more than 20 years in the federal government. This service began with over 19 years as an IT Director in the Massachusetts National Guard, Department of Defense (DoD). He continued as a Cybersecurity Advisor for Connecticut & Massachusetts, within the Cybersecurity & Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS). Additionally, he is an adjunct faculty member at Nichols College in Massachusetts, teaching graduate courses on cybersecurity governance, policy, and fundamentals. He also continues his more than 34 years of military service in the US Army Reserve as a Cyberspace Operations Officer. Along with his work experience, he serves in a volunteer role as the New England Chapter President of the Military Cyber Professional Association.

  • Sandy Bacik
    Director, Audit and Compliance, CipherTechs, Inc.

    Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, CipherTechs’ Director of Audit & Compliance, has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management, and is a former CISO. She has an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.

  • Sam Curry
    VP & CISO, Zscaler

    Sam Curry has over 25 years of IT security industry experience. Curry served as CTO and CSO at Arbor Networks, where he was responsible for the development and implementation of Arbor’s technology, security, and innovation roadmap. Previously, he spent more than seven years at RSA (the Security Division of EMC) in a variety of senior management positions, including CSO and Chief Technology in addition to SVP of Product Management and Product Marketing, including RSA Labs. Curry has also held senior roles at Microstrategy, CA, and McAfee.

  • Roger Grimes
    Data-Driven Defense Evangelist, KnowBe4

    Roger Grimes is a 30-year computer security consultant, instructor, holder of dozens of computer certifications and an award-winning author of 10 books and over 1,000 magazine articles on computer security. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee and Microsoft. Grimes holds a bachelor’s degree from Old Dominion University. He has been the weekly security columnist for InfoWorld and CSO magazines since 2005.

  • Bill Bowman
    CISO & Data Privacy Officer, Emburse

    Bill Bowman has been the first CISO at five different organizations over the last 20 years. He has been in Educational Technology, Financial Technology, and B2B Growth companies. He was the founding President for the (ISC)2 Eastern Massachusetts organization 10 years ago. Bill lives in Framingham with his wife and five children.

    As CISO, Mr. Bowman is responsible for managing the global responsibilities associated with Information Security, Physical Security, Privacy, Disaster Recovery, Business Continuity, Incident Response, and Insurance. Mr. Bowman has successfully implemented PCI-DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 27017, and ISO 27018. Specialties: Executive Core Qualifications: Leading Change, Leading People, Results Driven (Metrics), Risk based decision making, Business/Industry Acumen, Building Coalitions, Management development, Talent development. Technical Qualifications: Information Security, IT & business risk, IT governance & compliance (SOX 404), Regulatory compliance (GDPR), DR/BC, Mobility, Networking, Cloud security, Cloud privacy, Application vulnerability management, and other technical and non-technical related items.

  • David Barker
    Director of Application Security, GoodLeap LLC

    David Barker is Director of Application Security for GoodLeap LLC, a Fintech company providing a point-of-sale platform for sustainable home solutions. GoodLeap marks David’s fourth creation of a Code-to-Cloud Application Security program. His pedigree includes companies like Dell EMC, Stanley Black & Decker, and PTC. David has both an MBA and an MS in IT and wields his combination of business and technical acumen with repeated success.

  • Kwan Lin
    Principal Data Scientist, Rapid7

    Kwan is the Principal Data Scientist on the Rapid7 Labs Research and Advocacy team. He routinely monitors and analyzes large-scale honeypot and Internet-scan data using statistical and machine learning methods. Recently, Kwan helped Rapid7 launch Project Doppler, a platform tool that enables customers to assess their public internet exposure. Kwan is a former Certified Public Accountant and holds degrees in International Security and Economics from the Fletcher School of Law and Diplomacy and Brown University.

  • George J. Smith
    Sr. Security Consultant, Gigamon

    George has 35 years of industry experience planning, designing, installing, and analyzing LAN, WAN infrastructures, peripherals, and tools for wired and wireless infrastructures. An enthusiast for technology and customers alike, he keeps his skills sharp by looking around corners to see what technology and business challenges are coming down the road. Additionally, Smith has contributed to hardware and software R&D for high-technology companies, including General Electric, 3Com (acquired by HP), and Wang Labs.

    From an early stage, he was fortunate enough to be actively involved in the birth of IP/Ethernet-based networking, evolving WAN technologies, distributed communications, and hardware applications when groundbreaking efforts in computer communications were taking place. Smith was honored to be part of a team that ushered in the age of digital sports broadcasting and utility development.

    Smith is part of Covington's "Who's Who of Networking Professionals," Professional of the Year, and a VIP Member in good standing. Driven to stay ahead of change, Smith continually reinvents himself to keep pace with technology's fast-paced evolution. He has a passion for developing his ability to understand and explain complicated techniques and bringing out the business implications. He thrives on creating the ideal business solutions for his customers and enjoys the human side of networking by fostering long-term relationships. His vision and passion for technology and the solutions it provides enhance his abilities in the workforce.

    In his free time, George enjoys spending time with his family, flying aircraft, being in stage musicals and plays, and giving back to the community through volunteer efforts.

  • Danny Jenkins
    CEO & Co-Founder, ThreatLocker

    Danny Jenkins is the CEO and Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security. Danny is a leading expert in cybersecurity with over two decades of experience in building and securing corporate networks, including many roles on red teams and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust. Before ThreatLocker, Danny co-founded MXSweep, a global provider of email and internet security SaaS applications that sold exclusively through the channel. Danny was also the CEO at Sirrustec, specializing in whitelabeled channel delivered email security.

  • Bob Adams
    Security Strategist, Mimecast

    Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly 7 years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber-attacks and highlighting Mimecast’s services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.

  • Keith Daly
    Senior Principal Engineer, ForgeRock

    Keith Daly is currently a Senior Principal Sales Engineer for ForgeRock.

    Over the past 20 years, Keith has been on all sides of the Identity Management space in numerous industries, with roles ranging from systems architect within leading corporations, to developer and team lead at systems integrators, to technical sales and engineering roles at solution vendors.

    While having worked in the cyber security field for most of his career, Keith is passionate about enabling normal, non-IT-specialized people to safely and simply manage their online resources and identities. Since front-end simplicity is often accomplished through back-end system complexity, his enduring professional goal is to help customers deliver innovative and effective solutions for their identity challenges.

  • Joseph Crehan
    Sr. Systems Engineer, Abnormal Security
  • Stephen Clark
    Director of Cloud Security Sales, Fortinet

    Stephen Clark has over 25 years' experience in the information security space, having spent time at Check Point, Cisco, and Palo Alto Networks. Stephen also spent time in the security consulting field, working primarily with the Fortune 1000.

    He is presently the Director of Cloud Security Sales for Fortinet. Today he helps manage and set the direction for cloud security within the Fortinet Sales team. The product portfolio includes Next Generation Firewalls, Web Applications Firewalls, CASB and Containers.

  • Thomas Hart
    CISO, Cyber Guide LLC

    Thomas F Hart - Tom has been in the IT field since 1978 (EDP), starting as a programmer trainee (Assembler and COBOL). The first computer he worked on was an IBM360 system (PCs were a long way off). He has been a Programmer, Systems Analyst, Operating Systems Programmer, Network Systems Programmer, DR / BCS Specialist, IT Auditor, GRC, Sr. Security Analyst, Contractor/Consultant, Security Conference Panelist-Moderator-Organizer-Speaker. Tom has been involved in the InfoSec community via ISC2, ISACA, SANS, HOPE, BSides, Secure World and others. He has worked in the Banking, Defense, Utilities, Gov. and Health Care industries in his career. Most recently he has founded the Cyber Guide LLC consulting firm.

  • Chris Griffith
    VP of Product, Balbix

    Chris Griffith leads product management for Balbix. Chris brings over 15 years as a product, business development and strategy leader in security and technology. Prior to Balbix, Chris led tech alliances for Hewlett Packard Enterprise’s (HPE) security portfolio. Chris also ran product management for HPE’s Data Security business and drove strategic acquisitions in corporate development. Chris holds an MS from Stanford and a BS from Princeton, both in Mechanical Engineering, and an MBA from UCLA Anderson.

  • Mike DeNapoli
    Sr. Solution Architect, Cymulate

    Mike DeNapoli has spent over two decades working with companies from mom and pop shops to Fortune 100 organizations, advising on issues from Business Continuity Planning, to Cloud Transformation, to Real-World Cybersecurity. He is currently a Senior Solution Architect with Cymulate Breach and Attack Simulation, helping customers and partners know that their security controls are defending the organization, without speculation.

  • Ashley Bull
    Solutions Engineer, Tessian

    Ashley is a Solutions Engineer at Tessian, providing customers with solutions to address their email security objectives. She is responsible for leading technical product demonstrations and evaluations, and is an expert in email security, endpoint security, insider threats, and behavior analytics and Human Layer Security. Prior to joining Tessian, Ashley worked at VMware Carbon Black.

  • Jamie Zajac
    Vice President, Product, Recorded Future

    Jamie Zajac has over 10 years of experience in security and data protection roles and is currently the Vice President of Product Management for Recorded Future, an advanced security intelligence company. Jamie holds a B.S. in Meteorology and Computer Science from Embry-Riddle Aeronautical University and an MBA from UMass.

  • Katherine Chipdey
    Director, Solutions Engineering and Alliances, Automox

    Katherine Chipdey has spent her career in Cybersecurity, consulting on how to simplify our understanding of the threat landscape and building programs for thousands of customers around EDR, SOAR, and MDR. At Automox, she helped build out the Solutions Engineer Team, where she focused on automating IT operations, reducing risk, and bridging that gap between security and IT for prospects and customers alike. Katherine now manages the technical channel relationships, enabling other IT and Security experts on how to use Automox in order to help their customers meet business needs and critical security goals like never before. Katherine has most enjoyed the opportunity to use her background and experiences in the field to meet security/IT teams, and enable them to be as successful as possible with their initiatives. Where a relationship can be made, she will try, as those meaningful interactions and the growth, learning, and connection they bring are invaluable to her. Outside of work, she could spend forever talking about her travels, archery, and pups.

  • Moderator: Peter Kurek
    Cybersecurity Threat Hunter and Incident Responder, Eversource Energy
  • Brian Black
    Director of Sales Engineering, Deep Instinct

    Brian is a Philadelphia-based Distinguished Sales Engineer with 20+ years of experience in Cybersecurity and Intelligence. Brian leads Deep Instinct’s security engineering team, overseeing North and South American territories. He is a thought leader and technology evangelist with a wealth of knowledge on AI, Deep Learning, and Machine Learning. In his off time he can often be found on the lecture circuit giving talks around online security and state-sponsored threat actors, when he’s not fishing or competing in online CTF hacking competitions.

  • Lisa Plaggemier
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • Alexandra Panaretos
    Americas Lead for Human Cyber Risk and Education, EY

    With a background in broadcasting and operational security, Alex specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. Alex is OPSEC Manager II Certified by the U.S. Army and the Joint Information Operations Warfare Center (JIOWC). She volunteers with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety in her free time.

  • Ryan McGill
    Senior Solution Strategist, ConnectWise
  • Esmond Kane
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • Selva Vinothe Mahimaidas
    CISO, Houghton Mifflin Harcourt

    Selva Vinothe Mahimaidas is an Information Security Leader with more than 20 years of experience in all phases of information security. Selva currently serves as Chief Information Security Officer (CISO) at Houghton Mifflin Harcourt, an American publisher of textbooks, instructional technology materials, assessments, reference works, and fiction and non-fiction reaching both young readers and adults in over 150 countries worldwide.

  • Eric Gauthier
    VP, Infrastructure & Security, Emsi Burning Glass

    Eric Gauthier, CISSP, is a technology leader with 20 years’ experience working at the intersection of Information Security, IT, and DevOps. Eric is both a technical architecture and security leader having held positions in various settings including the corporate, academic, and service provider spaces building security programs, leading security and privacy compliance programs, and securing cloud-native and cloud-focused organizations especially those with SaaS and eCommerce product portfolios. Eric is currently the VP for Infrastructure and Security at Emsi Burning Glass, the leader in labor market insights. He is also a principal consultant for Side Channel Security and a member of the Cloud Security Alliance’s DevSecOps working group. His current focus is driving the adoption of DevSecOps - the integration of security into traditional IT, Development and Operations teams - for SaaS, eCommerce, and other technology focused organizations.

  • Andrew Smeaton
    CISO, Afiniti

    Andrew holds over 22 years of experience in the banking, financial services, and healthcare industries. He is experienced in all facets of IT/IS Security & Risk Management including acquisitions and disaffiliations, and has a track record of developing and implementing security strategies from inception through execution. In addition to his corporate experience, Andrew has also served on the executive boards for international conferences and advised government agencies on information security subjects. Andrew’s regulatory compliance experience includes FSA, PRA, FDIC, ISO 27K, COBIT, HIPAA, PCI-DSS, GLBA, Mass 201 CMR 17.00, SOX 404, SAMA, and NYDFS.

  • James Cusson
    Secretariat Security Liaison, Massachusetts Executive Office of Health and Human Services
  • Moderator: Susan St. Clair
    Director, WhiteSource
  • Greg McCarthy
    CISO, City of Boston

    Greg McCarthy is the first Chief Information Security Officer for the City of Boston and a career public servant. Since joining the City of Boston’s Cybersecurity Team in 2010, Greg has managed the implementation of numerous information security solutions, developed the City's first cybersecurity awareness program for employees and successfully enforced the use of multi-factor authentication for all employees. In his role, Greg continues to lead efforts to strengthen the cybersecurity capabilities across the City and further the team’s mission through modernizing technology, partnerships, and regular training. Greg is a cybersecurity leader and change agent who is focused on strengthening cybersecurity for the City of Boston and all municipal governments through partnership and collaboration.

  • Kevin Burns
    CISO, Draper
  • Monsurat Ottun
    Cybersecurity Advisor (CSA), Integrated Operations Division | Region 1, CISA
  • Scott Margolis
    CISO, Massachusetts Bay Transportation Authority (MBTA)

    Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.

  • speaker photo
    Esmond Kane
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • speaker photo
    Stephen Frethem
    Senior Director of Sales Enablement, Varonis

    Stephen has worked in the IT Industry since 2000 and in the security industry for the previous eight. Based out of the Twin Cities, Stephen has spent time at some of the largest organizations including Target, US Bank, Honeywell, and United Health Group. In his current role at Varonis, Stephen works with organizations around the US, helping them protect their data from insider threats and cyberattacks.

  • speaker photo
    David Monnier
    Chief Evangelist, Team Cymru

    David has been with Team Cymru since 2007. Prior, he served in the U.S. Marine Corps as a Non-Commissioned Officer. He then worked at Indiana University where he helped to build some of the most powerful computational systems of their day. He transitioned to cybersecurity and helped launch the Research and Education Networking ISAC. At Team Cymru, he has been an engineering leader, a Community Services team member, and a security analyst. David led efforts to secure the firm's intelligence infrastructure and established processes the firm relies on today. Currently, David assists CSIRT teams worldwide and fosters data sharing partnerships.

  • speaker photo
    Rich Schofield
    Principal Security Architect, Sysdig

    Rich Schofield is a Principal Security Architect at Sysdig. Based in Boston, Rich has over 25 years of experience in DevOps and Security at companies large and small, including HPE, Opsware, and BBN. Over the past 4 years at Sysdig, he has focused on security and visibility for Cloud and Kubernetes environments.

  • speaker photo
    Jon Fredrickson
    VP, CISO, Surgery Partners, Inc.

    Jon Fredrickson is Vice President & Chief Information Security Officer for Surgery Partners. Prior to Surgery Partners, Jon held various leadership & CISO positions across healthcare in both the provider and payor markets. Jon has developed a pragmatic approach to implementing cyber security solutions and assisting his organizations in properly measuring and managing cyber risk. He graduated from the University of Rhode Island with a B.A. in Economics. Jon is a member of the Association for Executives in Healthcare Information Security and the Healthcare Sector Coordinating Council (HSCC), and is a Certified Information Security Manager.

  • speaker photo
    Toby Zimmerer
    Sr. Demand and Delivery Director, Data Protection

    Toby Zimmerer is a Senior Demand and Delivery Director in Optiv’s Data Governance, Privacy, and Protection practice, where he assists organizations with building programs and implementing solutions focused on protecting high value information and assets. He has more than 24 years of professional experience developing information security strategies, designing information security programs, developing information security solutions and leading teams with deploying and operating information security programs. Toby has an MBA, a BS in electrical engineering, a CISSP certification, a CCSK from the Cloud Security Alliance, and is a US Navy veteran.

  • speaker photo
    Peter Chestna
    CISO of North America, Checkmarx

    Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.

    Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.

    Pete has been granted three patents. He enjoys whiskey tourism, astronomy, model rocketry, and listening to Rush in his spare time.

  • speaker photo
    Trevor Welsh
    Global Security Strategist, Google Cloud Security

    Trevor is a Global Security Strategist with Google Cloud Security. Trevor leverages extensive experience in public sector, financials, retail / logistics, manufacturing, healthcare, and high tech to solve complex security analytics challenges. A former leader with Anomali, and companies like Splunk, ArcSight, and Fortinet, Trevor brings insight, coaching, and a knack for building bridges. Trevor’s security passions include the SOC-Cloud gap, the efficacy of threat intelligence, Hybrid cloud security automation, data visualization, the blending of ITOps and IT Security, petascale analytics, and threat detection.

  • speaker photo
    Professor Kevin R. Powers, J.D.
    Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston College

    Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Cybersecurity Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent.

    With over 20 years of combined cybersecurity, data privacy, business, law enforcement, military, national security, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Kevin also is an expert witness and consultant with the Analysis Group and serves as a Director for the Board of Reading Cooperative Bank, a Trustee for the Board of Boston College High School, an Advisory Board Member for HYCU, Inc. and CyberSaint Security, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.

  • speaker photo
    Simon Taylor
    CEO & Founder, HYCU, Inc.

    Simon Taylor is the CEO of HYCU, where he creates and executes on the vision and strategy for one of the world's leading multi-cloud backup and recovery SaaS businesses. Prior to HYCU, Simon held senior executive positions at Comtrade Software, including President and CEO, as well as Chief Strategy Officer of The Comtrade Group, where he evaluated technology development, partner relationships, and strategic investments for the $400M+ Comtrade Group. Simon sits on the board of directors of College Bound Dorchester and is an active member of YPO (Young Presidents Organization) in Boston. A Boston Business Journal 40 Under 40 Award winner, Simon holds an MBA from Instituto de Empresa (Madrid) and a BSc in Operations Technology from Northeastern University.

  • speaker photo
    Jarret Wright
    Director of Cybersecurity, Massachusetts Port Authority

    Prior to his role as Director of Cybersecurity at MassPort, Jarret served as Deputy Director of Corporate Security for over 2 years, where he focused on maintaining a safe and secure environment at all Massport facilities while working with departments, law enforcement partners, and stakeholders to strengthen our capabilities to prevent and respond to different threats and emergencies. Before joining MassPort, Jarret was a senior terrorism official at the National Counterterrorism Center (NCTC), DHS Protective Security Advisor for New England, and a U.S. Navy Intelligence Officer. He is a graduate of Boston College and holds a Master's in Cybersecurity Policy & Governance from Boston College.

  • speaker photo
    Dr. Caroline McGroary, PhD, FCA
    Fulbright Scholar, Boston College Cybersecurity Graduate Programs

    Dr. Caroline McGroary is a Chartered Accountant and an Assistant Professor of Accounting at Dublin City University (DCU), Ireland. She has a Ph.D. in Professional Accounting Education and was recently awarded a Fulbright Scholarship by the Fulbright Commission of Ireland. Caroline will spend the coming year at Boston College as a Fulbright Scholar working alongside leading experts on the MS in Cybersecurity Policy & Governance Program. Her research will be focused on the role of the accountant in the area of cybersecurity, as well as the extent to which organizations and individuals understand the cyber risks to which they are exposed and whether they are adequately protected against them.

  • speaker photo
    Terry Olaes, Moderator
    Director, North America Systems Engineering, Skybox Security

    Terry Olaes is director of North America systems engineering at Skybox Security. With more than 20 years of experience in IT, his expertise includes IT/OT convergence, audit and compliance, data breaches, and incident management. Working on the ground floor at a manufacturing plant, serving as a systems engineer, and managing large security teams have provided Terry with a unique perspective on fortifying IT/OT security posture. Terry specializes in helping organizations devise the right cybersecurity strategies to help manage vulnerabilities and mitigate risks across IT, OT, and hybrid cloud environments. Previously, he has served in security management roles at Neiman Marcus and IBM. Terry has a BA in Business Administration and Management from the University of Phoenix.

  • speaker photo
    Danny Jenkins
    CEO & Co-Founder, ThreatLocker

    Danny Jenkins is the CEO and Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security. Danny is a leading expert in cybersecurity with over two decades of experience in building and securing corporate networks, including many roles on red teams and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust. Before ThreatLocker, Danny co-founded MXSweep, a global provider of email and internet security SaaS applications that sold exclusively through the channel. Danny was also the CEO at Sirrustec, specializing in white-labeled, channel-delivered email security.

  • speaker photo
    Lokesh Aggarwal
    CEO & President, Apexa IQ

    Lokesh Aggarwal has 20+ years of hands-on experience in developing technology plans, prioritizing IT initiatives, and coordinating the evaluation, deployment, and management of current and future technologies. He has a track record of guiding large-scale transformations and projects through the development of IT capability roadmaps, deployment of disruptive technology, and partnership with cross-functional business leaders. He holds an Executive MBA and a BS in Computer Science and Technology. He currently serves on the advisory boards of multiple technology companies and is a regular speaker at multiple global conferences.

  • speaker photo
    Michael Meltz
    Senior Sales Engineer, Open Systems

    Mike Meltz has worked in the IT Security and infrastructure space for over 25 years and he specializes in the design and implementation of enterprise-level Cybersecurity technologies and business process improvements. His goal is to remain focused on creating a secure and quality-driven user experience while helping the organization grow and thrive. In his current role, Mike continues to help our clients manage and secure their organizations by designing SASE and MDR systems that meet the complex challenges of today's enterprise organizations.

    Before joining Open Systems as a Senior Sales Engineer, Mike held various technology and strategy leadership roles at companies throughout the United States managing enterprise Infrastructure and Security teams as well as multiple roles as the designated CISO.

  • speaker photo
    Stan Fromhold
    Senior Security Solutions Architect, Securonix
  • speaker photo
    Roy Wattanasin
    Healthcare Information Security Officer, Healthcare Organization

    Roy Wattanasin is a healthcare information security professional. He is an avid speaker providing thought leadership at many conferences and webinars. Roy enjoys incident response and building security programs. He is involved with many computer security groups including the Boston Application Security Conference (BASC), OWASP Boston and other local associations. Roy is a member of multiple advisory groups, including SecureWorld Boston. He was previously an adjunct instructor at Brandeis University as part of the Health and Medical Informatics program. He is the co-founder of the decade-old program.

  • speaker photo
    Tim Mackey
    Principal Security Strategist, Synopsys

    Tim Mackey is a principal security strategist within the Synopsys CyRC (Cybersecurity Research Center). He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. As a security strategist, Tim applies his skills in distributed systems engineering, mission critical engineering, performance monitoring, large-scale data center operations, and global data privacy regulations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, Black Hat, Open Source Summit, KubeCon, OSCON, DevSecCon, DevOpsCon, Red Hat Summit, and Interop. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, Forbes, Dark Reading, TEISS, InfoSecurity Magazine, and The Straits Times. Follow Tim at @TimInTech on Twitter and at mackeytim on LinkedIn.

  • speaker photo
    Jared Ablon
    President & Co-Founder, HackEDU

    Jared Ablon is the President and co-founder of HackEDU. His experience includes serving as a CISO, leading cybersecurity teams at the Department of Defense, and founding two companies. Jared has a CISSP, MBA and an MS in Applied and Computational Mathematics focusing on computer/cyber security, and was named CISO of the Year by the Los Angeles Business Journal.

  • speaker photo
    Nick Rago
    Principal Security Engineer, Salt Security

    Nick is a startup veteran and Internet technology entrepreneur with over 25 years of application development, testing, and cyber security experience. He is recognized as an industry expert in API development, API management, and API security. At Salt, Nick is helping guide and positively influence how organizations protect themselves from today’s emerging API security threats. Prior to joining Salt, Nick was an early contributor to the success of Kong, the world’s most widely used API Management platform. During his years of service at Kong, before leaving as one of its most tenured members of staff, Nick architected and implemented some of the largest and most mission-critical API Management and digital transformation projects (Monolith to Microservice) in North America. Prior to Kong, Nick worked early on in various roles for security companies such as MobileIron (Mobile Device, Data, and Application Security - IPO 2014) and Vontu (Data Loss Prevention - acquired by Symantec) and previously founded his own Internet software development company. Nick holds degrees in Mathematics and Computer Science. When not knee deep in APIs, code, microservices, containers, and other tech, you can find him up to his knees in snow, skiing throughout Maine, New Hampshire, and Vermont. Nick and his family reside in the Boston / New England area.

  • speaker photo
    Justin Quinn
    Enterprise Solutions Engineer, Wiz
  • speaker photo
    Sean Baggett
    VP & CISO, Blue Cross Blue Shield of Massachusetts

    Sean Baggett is the Vice President and Chief Information Security Officer at Blue Cross Blue Shield of Massachusetts. Sean has been an IT and Security leader in the healthcare industry for over 20 years. He has a BS from the Massachusetts Maritime Academy and is a former U.S. Navy Surface Warfare Officer. He currently holds CISSP and CISM certifications.

  • speaker photo
    Moderator: Mark Aiello
    Board Member, (ISC)2 Eastern Massachusetts; President, CyberSN

    Having more than 30 years of IT and cybersecurity consulting/staffing experience, Mark joined Signature Consultants, one of the largest IT Staffing Firms in the U.S., to lead, build and cultivate the cybersecurity talent and workforce throughout the organization’s 26 locations, serving 100s of clients throughout North America. Former President of Cyber 360, a leader in cybersecurity staffing, he harnesses his expertise in the cybersecurity/information security labor market to deploy and support a vast network of cybersecurity professionals. His passion and purpose are keeping companies safe by providing cybersecurity consultants and employees.

  • speaker photo
    Jonathan Trull
    SVP, Customer Solutions Architecture and Engineering, Qualys

    Jonathan Trull is a longtime security practitioner and CISO with over 18 years of experience in the cybersecurity industry and is currently the Senior Vice President of Customer Solutions Architecture and Engineering at Qualys. His career has spanned operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. While at Microsoft, Jonathan led the Microsoft Detection and Response Team (DART) whose mission was to respond to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks and included the investigation of and response to the NOBELIUM threat actor campaign which leveraged the SolarWinds supply chain. Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS. He is also an adjunct faculty member at Carnegie Mellon University where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as BlackHat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA. Jonathan is a veteran of the U.S. Navy finishing his career as a Lieutenant Commander supporting the Information Warfare Domain.

  • speaker photo
    Luke Babarinde
    Principal Architect, Sales Engineering, Imperva

    Luke Babarinde is a Principal Solutions Architect at Imperva with over 15 years of experience in cybersecurity. He is passionate about building effective solutions to assist organizations seeking to holistically address data challenges of which security is critical.

  • speaker photo
    Mark Ostrowski
    Head of Engineering, East US, Check Point Software Technologies

    Mark Ostrowski is the Head of Engineering for the East region of US at Check Point Software Technologies. Mark has over 25 years’ experience in IT security and has helped design and support some of the largest security environments in the country. As an evangelist and member of the Office of the CTO at Check Point Software, Mark provides thought leadership for the IT security industry, outlining the current threat landscape and helping organizations understand how they can proactively mitigate and manage risk in our world of digital transformation. Mark actively contributes to national and local media discussing cybersecurity and its effects in business and at home on media outlets such as the Today Show on NBC, Good Morning America on ABC, and the Wall Street Journal.

  • speaker photo
    Ray Canzanese
    Director of Netskope Threat Labs, Netskope

    Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.

  • speaker photo
    Stephen Fitzgerald
    Sr. Sales Engineer, Orca Security

    From writing detection rules and automations for SOC teams to assisting with compliance initiatives, cloud security has always been the focus of Stephen's career. Currently, Stephen serves as a Senior Solutions Engineer at Orca, helping customers architect and operationalize the Orca platform, as well as providing risk assessment reviews and guidance on security operations overall. Outside of his professional pursuits, he enjoys cars, computer hardware, and anything where he gets to play defense.

  • speaker photo
    Moderator: Gus Chiarello
    Director, Security Architecture, AccessIT Group

    Gus Chiarello is the Director of Security Architecture and part of the technology consulting leadership team at AccessIT Group (AITG). Gus has over 10 years of experience in risk management and 16 years in IT professional services leading the development of AppSec MDR, MSP, and MSSP service practices. Through leveraging his background in both technology infrastructure and risk management, Gus provides exceptional CISO-level consultative guidance. Following an IT Service Management (ITSM) strategy, Gus provides a unique understanding of the relationship between the IT organization and the business units they support.

  • speaker photo
    Deidre Diamond
    Founder and CEO, CyberSN and Secure Diversity

    Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.

  • speaker photo
    Trenton Ivey
    Counter Threat Unit Researcher, Secureworks

    Trenton has had the privilege of working with teams of skilled hackers to legally compromise some of the largest organizations in the world. Trenton has also worked on several high-profile incident-response engagements to help provide the adversarial mindset as organizations respond and recover. While his focus is currently offensive research and development, he spends much of his time fostering collaboration between Red and Blue teams.
