Conference Agenda
  • Wednesday, March 9, 2022
    7:00 am
    Registration open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge.

    7:30 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Registration Level: VIP / Exclusive
    7:30 am - 8:20 am

    This roundtable discussion is for our Advisory Council members only.

    7:30 am
    ISSA New England Chapter Meeting and Presentation
    Open to all attendees | Breakfast provided
    Sr. Principal, Security Risk Management, Verizon
    Registration Level: Open Sessions
    7:30 am - 8:20 am

    Discussion moderated by David Dumas, chapter vice president.

    7:30 am
    Association Chapter Meetings
    Registration Level: Open Sessions
    7:30 am - 8:20 am

    Participating professional associations and details to be announced.

    7:30 am
    [PLUS Course] Developing a Comprehensive Ransomware Plan - Part 1
    CISO, Worcester Polytechnic Institute
    Registration Level: SecureWorld Plus
    7:30 am - 8:30 am

    The impact of the Colonial Pipeline hack on millions of homes and businesses is a sobering reminder of the way ransomware can paralyze essential infrastructure. Sadly, this strategy seems to be paying off for some hacking groups, as they see their success in payouts and financial value increasing—with multi-million dollar payouts now the new normal. Many of these at-risk industries have made the decision that ransom payment is the best of a bad set of options available to them.

    Malicious actors continue to adjust their ransomware tactics over time, to include pressuring victims for payment by threatening to release stolen data if they refuse to pay, and publicly naming and shaming victims as secondary forms of extortion. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations.

    This comprehensive training course will cover:

    Part 1: Prepare for a Ransomware Attack

    • Review of recent Ransomware Attacks, Active Ransomware Groups, Impact of a Ransomware Attack
    • How Ransomware Attacks Work: Attack stages – Before the Attack, During the Attack, After the Attack
    • Ransomware Best Practices & Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept 2020
    • Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile
    • Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)
    • Ransomware Awareness: CISA Ransomware Guidance and Resources – Ransomware | CISA
    • Cybersecurity Insurance: Beazley Breach Response (BBR)

    Part 2: Recent Ransomware Attacks and the MITRE ATT&CK Framework

    • MITRE ATT&CK Framework: Darkside Ransomware (See Reference)
    • MITRE ATT&CK Framework: Avaddon Ransomware (See Reference)
    • MITRE ATT&CK Framework: Conti Ransomware (See Reference)
    • MITRE ATT&CK Framework: Sodinokibi Ransomware (See Reference)
    • Mapping the MITRE ATT&CK Framework to the NIST Cybersecurity Framework

    Part 3: Protect Against a Ransomware Attack

    • Ransomware Best Practices & Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept 2020
    • Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile
    • Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)
    • Additional references that focus on Preventing a Ransomware Attack

    Part 4: Detection and Analysis of a Ransomware Attack

    • Ransomware Best Practices & Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept 2020
    • Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile
    • Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)
    • Additional references that focus on Detecting and Analyzing a Ransomware Attack

    Part 5: Containment and Eradication of a Ransomware Attack

    • Ransomware Best Practices & Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept 2020
    • Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile
    • Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)
    • Additional references that focus on Containment and Eradication of a Ransomware Attack

    Part 6: Recovery and Post-Incident Activity

    • Ransomware Best Practices & Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept 2020
    • Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile
    • Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)
    • Additional references that focus on Recovery and Post Incident Activity – Ransomware Response Checklist

    Part 7: Review / Summary / Next Steps

    • Review of Best Practices
    • Summary of activities before the attack – Prepare and Protect
    • Summary of activities during the attack – Detect and Analyze
    • Summary of activities after the attack – Contain and Eradicate
    • Review of follow-up activities – Recover and Post Incident
    • Next Steps / Action Plan
    8:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    8:30 am
    OPENING KEYNOTE
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    9:15 am
    Networking Break
    Registration Level: Open Sessions
    9:15 am - 9:45 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    9:45 am
    Benefiting from CISA's Expanding Role in Cybersecurity
    Cybersecurity Advisor, U.S. Cybersecurity & Infrastructure Security Agency (CISA)
    Registration Level: Conference Pass
    9:45 am - 10:30 am

    Key Takeaway:
    Walk away from this session with a better understanding of how you can partner with and benefit from CISA and its resources.

    For years, cybersecurity leaders have been asking for more help from the federal government, and it is finally happening. Now more than ever, the federal government has free resources to help you fight against sophisticated cyber actors and nation-states with the ability to disrupt, destroy, or threaten the delivery of essential services. With the risk and potential consequences of cyber events, strengthening the security and resilience of cyberspace has become an important homeland security mission, and CISA can help.

    9:45 am
    PCI 4.0: What Is Coming?
    Director, Audit and Compliance, CipherTechs, Inc.
    Registration Level: Conference Pass
    9:45 am - 10:30 am

    PCI 4.0 is coming out at the end of first quarter 2022. There are many changes that are involved with wording, testing, and the forms for submission. This session will talk about some of the changes that may affect you for the SAQs and the ROCs, such as what additional documentation and activities you will need prior to having PCI 4.0 implemented by the end of 2024 going into 2025.

    9:45 am
    Privacy and Cyber Law Landscape for 2022
    Registration Level: Conference Pass
    9:45 am - 10:30 am

    Join this session to explore the latest evolutions in cybersecurity and privacy law. This includes the emerging trends and initiatives that are most likely to impact organizations in 2022. Plus, we’ll talk about a strategic approach to cut through the confusion and identify where to focus right now.

    10:40 am
    An Enlightened Path to AppSec Nirvana from Code to Cloud
    Head of Application Security, GoodLeap LLC
    Registration Level: Conference Pass
    10:40 am - 11:25 am

    Key Takeaway:
    You’ll leave with an executable roadmap to improving the security of your applications.

    This session will be high-level and cover the various elements of a comprehensive application security program and how the pieces fit together. We’ll also review the various secure development models to equip you with a choice of standards you can adopt. Finally, we’ll cover sequencing and speed so you can follow a path to achieving your own AppSec nirvana.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:40 am
    Cyber Incidents, Forensics, and Insurance: Are All Three up to Snuff?
    Registration Level: Open Sessions
    10:40 am - 11:25 am

    2020 was the year of ransomware and the pandemic, and many organizations realized their IR wasn’t up to snuff, and others did not listen to external professionals helping and were re-compromised. Have you really tested your Incident Response processes? How about having a detailed post-mortem after an event? Have you looked at your cyber insurance policy to see who you are supposed to be using for assistance? This session will review going through an actual incident and what was good and what was missing in the recovery, alerting (oops, the customers are involved), and finding the root cause, and whether cyber insurance was worth it.

    10:40 am
    Ransomware Incident Command and Lessons Learned for Managers
    Registration Level: Conference Pass
    10:40 am - 11:25 am

    This presentation offers a practical approach to incident command for managers at all levels, irrespective of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

    11:30 am
    [Lunch Keynote] ThreatLocker: Blocking Unknown Application Vulnerabilities
    Registration Level: Open Sessions
    11:30 am - 12:30 pm
    Location / Room: Keynote Theater
    11:30 am
    Advisory Council Lunch Roundtable - (VIP / Invite Only)
    Hiring in Troubled Times
    Registration Level: VIP / Exclusive
    11:30 am - 12:30 pm
    12:30 pm
    Networking Break
    Registration Level: Open Sessions
    12:30 pm - 1:00 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:00 pm
    [Panel] Tales from the Cloud: Doing More with Less
    Registration Level: Open Sessions
    1:00 pm - 1:50 pm

    The cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.

    1:00 pm
    [Panel] The Current Threat Landscape
    VP of Product, Balbix
    Senior Solution Architect, Cymulate
    Solutions Engineer, Tessian
    Registration Level: Open Sessions
    1:00 pm - 1:50 pm

    If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?

    It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.

    1:00 pm
    Breakout Session Three
    Registration Level: Conference Pass
    1:00 pm - 1:50 pm
    2:00 pm
    A Whole Lotta BS (Behavioral Science) About Cybersecurity
    Executive Director, National Cybersecurity Alliance
    Registration Level: Open Sessions
    2:00 pm - 2:45 pm

    Key Takeaway:
    The audience will gain a better understanding of the general public’s habits, beliefs, and feelings about cybersecurity to better inform security training and awareness programs.

    People often don’t do things they know they should, even when they can benefit. What’s the reason behind this? New research from the National Cybersecurity Alliance reveals the public’s attitudes and beliefs about security, and potential drivers and barriers towards secure habits. This research provides insight into how we can develop more effective awareness and behavior change initiatives.

    In this session, National Cybersecurity Alliance Executive Director Lisa Plaggemier will explore the findings from the organization’s annual survey and what can be learned when creating awareness programs.

    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    2:00 pm
    Penetration Testing The Cybersecurity Maturity Model (CMM)
    Registration Level: Conference Pass
    2:00 pm - 2:45 pm

    Many organizations have heard of or used the Cybersecurity Maturity Model (CMM) to help improve their organization’s overall security posture. In many cases the results provide a broad view that meets a predetermined requirement, i.e., audit, assessment, or gap analysis. This presentation considers the valuable output produced from that process and provides, through live demonstrations, a comprehensive look at what would happen if the vulnerabilities identified previously are compromised at an operational security level.

    * Learning Objective #1:
    Operational Cybersecurity Exposure – A method by which to measure the maturity level of the organization’s operational security.

    * Learning Objective #2:
    Actions Matrix – Will provide an active template to identify actionable components of internal operations that map back to the technology security layers.

    * Learning Objective #3:
    High Level understanding of mapping Vulnerability assessment (NIST) vs Penetration testing output to CMM.

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    2:00 pm
    Going Passwordless: Authentication Fact or Fiction?
    Registration Level: Open Sessions
    2:00 pm - 2:45 pm

    Are your internal customers tired of passwords? Are you tired of easily breaking their passwords? Well, look no further. Passwordless authentication is upon us and can be achieved for multi-factor authentication (MFA), while making our internal customers happy. How is this possible? Come and listen with your colleagues as I share how we rolled it out, describe the lessons learned, and share who the players are.

    Passwords are one of the most loathed controls in the wild. If you can’t beat ’em, join ’em. Learn who the passwordless alphas are and the lessons learned to achieve a win-win strategy within your company.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    2:45 pm
    Networking Break
    Registration Level: Open Sessions
    2:45 pm - 3:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    3:15 pm
    Are You Ready for the Convergence of IIoT, OT, and IT Security?
    Registration Level: Conference Pass
    3:15 pm - 4:00 pm

    Business transformation and the drive for smart factory initiatives have placed demands on business leaders to leverage relevant technologies to achieve the desired end goal of operational excellence. Technologies such as the industrial internet of things (IIoT) are being layered on top of manufacturing floor machinery to provide the needed insight into business operations and productivity. These improvements and perceived operational excellence have come with cybersecurity risks that were not previously commonplace in the manufacturing space. It is for this reason that there is now a convergence between operational technology (OT), the industrial internet of things (IIoT), and IT. This intersection is becoming very evident in manufacturing, supply chain, and traditional production organizations or companies.

    Most of these manufacturing machines were never directly connected to Ethernet networks, and as such the risk was very minimal. In some cases, these organizations had organized security based on perimeter controls such as data center firewalls, site firewalls, and floor firewalls that provide segmentation or microsegmentation between corporate IT and manufacturing operational technology (the OT space). However, if the individual devices that are connected on the OT side become compromised and the threat has access to that communication link, a hacker can push malicious data, cause denial of service (DoS), or introduce malware or viruses to the entire network, even if there is a secure communication link. There are many ways to run into problems on the OT/IoT front if companies are not careful in their network design and security implementation. These increase the risk and call for a rethinking of how to architect security appropriately to meet the ever-evolving threat landscape, with relevant implications for OT/IIoT and the larger enterprise network.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:15 pm
    How to Build an Effective Security Awareness Program
    Registration Level: Open Sessions
    3:15 pm - 4:00 pm

    How to build an effective security awareness program and help your team recognize phishing and BEC.

    3:15 pm
    [PLUS Course] Developing a Comprehensive Ransomware Plan - Part 2
    CISO, Worcester Polytechnic Institute
    Registration Level: SecureWorld Plus
    3:15 pm - 4:30 pm
  • Thursday, March 10, 2022
    7:00 am
    Registration open
    Registration Level:
    7:00 am - 3:00 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check in and get your badge.

    7:30 am
    [PLUS Course] Developing a Comprehensive Ransomware Plan - Part 3
    CISO, Worcester Polytechnic Institute
    Registration Level: SecureWorld Plus
    7:30 am - 8:30 am
    8:00 am
    Exhibitor Hall open
    Registration Level:
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    8:30 am
    OPENING KEYNOTE
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater
    9:15 am
    Networking Break
    Registration Level: Open Sessions
    9:15 am - 9:45 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    9:45 am
    Reframing the Conversation around Cybersecurity Fatigue
    From Military Conflict to Therapy and Addiction
    CISO, Steward Health Care
    Registration Level: Conference Pass
    9:45 am - 10:30 am
    9:45 am
    Breakout Session Two
    Registration Level: Open Sessions
    9:45 am - 10:30 am
    9:45 am
    Breakout Session Three
    Registration Level: Open Sessions
    9:45 am - 10:30 am
    10:40 am
    Driving Business Strategy and Growth Using Cybersecurity
    Director, Cybersecurity Due Diligence, RSM US
    Registration Level: Conference Pass
    10:40 am - 11:25 am
    Traditionally, cybersecurity is often viewed as a means to reducing risks to an organization, thwarting the attacks of threat actors and securing company assets and infrastructure. When we examine the strategic goals and objectives that organizations undertake to promote their growth and success, we can often identify the interlinkage between business objectives and the services cybersecurity provides. By shifting the focus on how cybersecurity could enable an organization to bring products to market faster, make it easier for customers to conduct business with the company, create an environment to attract and retain employees and become the vendor of choice to our customers, we can strengthen our relationship with executive leadership and board of directors, become a trusted partner to the business, serve as a trusted advisor to line of business owners and shift the paradigm of cybersecurity from risk reduction cost center to a business enablement service line.
    10:40 am
    Breakout Session Two
    Registration Level: Open Sessions
    10:40 am - 11:25 am
    10:40 am
    Breakout Session Three
    Registration Level: Open Sessions
    10:40 am - 11:25 am
    11:30 am
    [Lunch Keynote] Tenable: Cyber Risk Management
    Registration Level: Open Sessions
    11:30 am - 12:30 pm
    Location / Room: Keynote Theater

    Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

    11:30 am
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    11:30 am - 12:30 pm

    Advisory Council – VIP / INVITE ONLY

    12:30 pm
    Networking Break
    Registration Level: Open Sessions
    12:30 pm - 1:00 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:00 pm
    [Panel] The Battle to Control the Endpoints
    Registration Level: Open Sessions
    1:00 pm - 1:50 pm

    In a recent survey, the SecureWorld media team uncovered that a whopping 30% of IT professionals admitted they didn’t actually know if they had visibility on all the endpoints within their organizations! With close to a thousand endpoints (in the majority of those surveyed) that included: servers, office PCs, printers, employee-owned devices, smart watches, IoT—the list goes on and on. What does the cloud do to impact this count? What was missed? Join our experts as they help us gain better visibility into the battle to control ALL the endpoints.

    1:00 pm
    [Panel] Securing the Code: AppSec and DevOps 101
    Principal Security Strategist, Synopsys
    Registration Level: Open Sessions
    1:00 pm - 1:50 pm

    Everyone says you’ve got to bake security into the development process, but it doesn’t always get done. Speed to market and “other considerations” can get in the way of good, clean secure code. Some developers share code or borrow from open-source platforms on the internet. Is that safe? How do you work with your DevOps teams to create a collaborative, proactive environment where they have the time and resources to build that security in from the beginning? How do you deal with burnout and fatigue? Our panel will address these concerns and more to help you get a handle on securing the code.

    1:00 pm
    Breakout Session Three
    Registration Level: Conference Pass
    1:00 pm - 1:50 pm
    2:00 pm
    Incident Response: What We Miss Far Too Often
    Americas Lead for Secure Culture Activation, Ernst & Young LLP
    Registration Level: Conference Pass
    2:00 pm - 2:45 pm
    2:00 pm
    Breakout Session Two
    Registration Level: Open Sessions
    2:00 pm - 2:45 pm
    2:00 pm
    Breakout Session Three
    Registration Level: Open Sessions
    2:00 pm - 2:45 pm
    2:45 pm
    Networking Break
    Registration Level: Open Sessions
    2:45 pm - 3:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    3:15 pm
    Breakout Session One
    Registration Level: Conference Pass
    3:15 pm - 4:00 pm
    3:15 pm
    Breakout Session Two
    Registration Level: Open Sessions
    3:15 pm - 4:00 pm
    3:15 pm
    [PLUS Course] Developing a Comprehensive Ransomware Plan - Part 4
    CISO, Worcester Polytechnic Institute
    Registration Level: SecureWorld Plus
    3:15 pm - 4:30 pm
Exhibitors
  • ACP – Greater Boston
    Booth:

    ACP is a professional organization that provides a forum for the exchange of information and experiences for business continuity leaders. We serve the greater Boston area, including Rhode Island and southern New Hampshire. Meetings are held on the second Wednesday of every month (except July & August). We invite you to attend our next meeting.

  • Area 1 Security
    Booth:

    Area 1 Security is the only company that preemptively stops Business Email Compromise, malware, ransomware and targeted phishing attacks. By focusing on the earliest stages of an attack, Area 1 stops phish — the root cause of 95 percent of breaches — 24 days (on average) before they launch. Area 1 also offers the cybersecurity industry’s first and only performance-based pricing model, Pay-per-Phish.

    Area 1 is trusted by Fortune 500 enterprises across financial services, healthcare, critical infrastructure and other industries, to preempt targeted phishing attacks, improve their cybersecurity posture, and change outcomes.

    Area 1 is a Certified Microsoft Partner, and Google Cloud Technology Partner of the Year for Security.

  • ARMA Boston
    Booth:

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • ASIS
    Booth:

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • Balbix
    Booth:

    Balbix is the world’s leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a “Cool Vendor” by Gartner in 2018.

  • Centripetal Networks
    Booth:

    Centripetal is a three-time Deloitte Fast 500 company, whose cyber security systems are deployed in many of the world’s most mission critical networks. Our mission is to make the most advanced intelligence-based defense available to everyone as a service. Through our research we are resolving each of the technological challenges to put trust back into internet connection.

  • Cloud Security Alliance (CSA)
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • ConnectWise
    Booth:

    ConnectWise is the world’s leading software company dedicated to the success of IT solution providers through unmatched software, services, community, and marketplace of integrations. ConnectWise’s innovative, integrated, and security-centric platform – Asio™ – provides unmatched flexibility that fuels profitable, long-term growth for partners. ConnectWise enables ITSPs to drive business efficiency with automation, IT documentation, and data management capabilities – and increase revenue using remote monitoring, cybersecurity, and backup and disaster recovery technologies. For more information, visit connectwise.com.

  • Cybercrime Support Network
    Booth: N/A

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • Cybereason
    Booth:

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cymulate
    Booth:

    Cymulate SaaS-based continuous security validation makes it simple to measure and improve your security posture across the full attack kill-chain. Every assessment is scored and includes actionable remediation guidance to mitigate risk and optimize security control effectiveness. Cymulate enables you to take data-driven decisions and manage your security resources efficiently.

  • ExtraHop
    Booth:

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • HackEDU
    Booth:

    HackEDU provides secure coding training to companies ranging from startups to the Fortune 5. HackEDU’s mission is to provide best in class interactive cybersecurity training. Whether you are someone brand new to the field looking to break in or a developer looking to code more securely, we are passionate about teaching. Our aim is to lower barriers to learn security and give safe and legal environments for exploration. Only then will the industry flourish with more cybersecurity professionals and security champions.

    Our decades of cybersecurity experience helps us shape our platform and curriculum. We are always looking for cybersecurity experts that are passionate about teaching. If you are interested in joining our team please check out our careers page.

  • HTCIA
    Booth:

    Investigators on the Leading Edge of Technology

    The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

  • InfraGard Boston
    Booth:

    InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.

  • Institute of Internal Auditors (IIA)
    Booth:

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • ISACA
    Booth:

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • (ISC)2
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISACA New England Chapter
    Booth:

    The New England Chapter of ISACA was founded in 1976. From the modest beginnings of its first meeting, which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts, the New England Chapter has since grown to over 2000 members across four states (MA, NH, ME, VT).

    The primary objective of the New England Chapter of ISACA ® is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.

  • KnowBe4
    Booth:

    We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space.

    KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.

    The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.

    Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.

  • MCPA
    Booth:

    The Military Cyber Professionals Association is dedicated to developing the American military cyber profession and investing in our nation’s future through STEM education. We are working towards an American military cyber profession that is accomplishing what our nation needs, expects, and deserves. Our goal is to secure cyberspace for military, economic, and private individual pursuits.

  • Rapid7
    Booth:

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Recorded Future
    Booth:

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • Secure Diversity
    Booth:

    Secure Diversity is an innovative non-profit organization with leaders that think out of the box who have created strategies & solutions in placing qualified women and underrepresented humans into cybersecurity roles. We foster gender diversity, equity, and inclusion in the cybersecurity industry through conferences, networking, mentoring, professional development, and community outreach. One of our primary goals is to raise awareness and increase the number of women and underrepresented humans in the cybersecurity workforce. Founded in 2015 by Deidre Diamond, our mission is the equal representation of women and men in the cybersecurity workforce by engaging and collaborating with organizations and businesses to improve the recruitment and retention of women; utilize marketing and social media platforms to raise awareness of women in cybersecurity careers; remove cybersecurity institutional barriers and innovate new strategies to leverage existing resources.

  • SIM Boston
    Booth:

    At the Boston Chapter of SIM, we provide leading information technology executives, consultants, and academics with a place to share ideas. Our collaborative community shares best practices, trends and lessons learned for you: the person that is responsible for shaping and influencing the future of IT and IT management.

    Our goal is to provide you with access to a robust community of the area’s top IT leaders so you can exchange ideas, share best practices, and stimulate your mind. As a senior-level IT professional providing both strategic and tactical direction to your division on a daily basis, you need someplace to turn for advice, answers, and guidance, too.

  • Sumo Logic
    Booth:

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Synopsys
    Booth:

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • Tenable
    Booth:

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Tessian
    Booth:

    An enterprise-grade SaaS solution that stops misdirected emails to unintended recipients. Protect your organization’s sensitive and proprietary data today. Industry Leading UX/UI.

  • TechTarget
    Booth: N/A

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • ThreatLocker
    Booth:

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • Women in CyberSecurity (WiCyS)
    Booth:

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Speakers
  • David Dumas
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow. David is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • Larry Wilson
    CISO, Worcester Polytechnic Institute

    Larry Wilson is a senior consultant and was formerly the Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Richard Berthao
    Cybersecurity Advisor, U.S. Cybersecurity & Infrastructure Security Agency (CISA)

    Richard Berthao is the CISA Cybersecurity Advisor (CSA) for Connecticut. He manages the major cyber engagements in Connecticut with additional support to Region 1, championing cyber resilience to public and private sector partners. His career began over 25 years ago as an IT specialist in the private sector. Additionally, he spent 19 years as CIO with the Massachusetts National Guard. An adjunct faculty member at Nichols College in Massachusetts, he teaches graduate courses on cybersecurity governance, policy, and fundamentals. He is also a Cyberspace Operations Officer in the U.S. Army Reserve.

  • Sandy Bacik
    Director, Audit and Compliance, CipherTechs, Inc.

    Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, is CipherTechs’ Director of Audit & Compliance and a former CISO. She has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management, with an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.

  • David Barker
    Head of Application Security, GoodLeap LLC

    David Barker is Head of Application Security for GoodLeap LLC, a Fintech company providing a point-of-sale platform for sustainable home solutions. GoodLeap marks David’s fourth creation of a Code-to-Cloud Application Security program. His pedigree includes companies like Dell EMC, Stanley Black & Decker, and PTC. David has both an MBA and an MS in IT and wields his combination of business and technical acumen with repeated success.

  • Chris Griffith
    VP of Product, Balbix

    Chris Griffith leads product management for Balbix. Chris brings over 15 years as a product, business development and strategy leader in security and technology. Prior to Balbix, Chris led tech alliances for Hewlett Packard Enterprise’s (HPE) security portfolio. Chris also ran product management for HPE’s Data Security business and drove strategic acquisitions in corporate development. Chris holds an MS from Stanford and a BS from Princeton, both in Mechanical Engineering, and an MBA from UCLA Anderson.

  • Mike DeNapoli
    Senior Solution Architect, Cymulate

    Mike DeNapoli has spent over two decades working with companies from mom and pop shops to Fortune 100 organizations, advising on issues from Business Continuity Planning, to Cloud Transformation, to Real-World Cybersecurity. He is currently a Senior Solution Architect with Cymulate Breach and Attack Simulation, helping customers and partners know that their security controls are defending the organization, without speculation.

  • Ashley Bull
    Solutions Engineer, Tessian

    Ashley is a Solutions Engineer at Tessian, providing customers with solutions to address their email security objectives. She is responsible for leading technical product demonstrations and evaluations, and is an expert in email security, endpoint security, insider threats, and behavior analytics and Human Layer Security. Prior to joining Tessian, Ashley worked at VMware Carbon Black.

  • Lisa Plaggemier
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is the Executive Director at the National Cybersecurity Alliance. Lisa is a trailblazer in security awareness and education and is a prominent security influencer with a proven track record of engaging and empowering businesses and their employees to protect themselves and their data. Lisa has held executive roles with the Ford Motor Company, CDK Global, InfoSec, and MediaPRO, and is a frequent speaker at major events including RSA, Gartner, and SANS. She is a University of Michigan graduate (Go Blue!), and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • Esmond Kane
    CISO, Steward Health Care

    Prior to his role at Steward, Esmond was the Deputy CISO at Partners HealthCare, where he was responsible for the operational component of the "Lighthouse" program, a radical transformation in Partners' approach to security and privacy risk management. Esmond spent 10 years helping to guide improvements in IT delivery and information security at Harvard University. Before working at Harvard, Esmond spent 10 years in several roles and industries including KPMG and BIDMC. In his spare time, Esmond likes to fret about spare time and annoy people who read bios.

  • Toby Zimmerer
    Director, Cybersecurity Due Diligence, RSM US

    Toby Zimmerer is a Director of Cybersecurity Due Diligence in the Transaction Advisory Services Practice of RSM US, where he assists organizations with identifying and addressing the potential cybersecurity risks during mergers and acquisitions. He has over 22 years of professional experience developing information security strategies, designing information security programs, developing information security solutions, and leading teams in deploying and operating information security programs. Toby has an MBA, a B.S. in Electrical Engineering, a CISSP certification, a CCSK from the Cloud Security Alliance and is a U.S. Navy veteran.

  • Tim Mackey
    Principal Security Strategist, Synopsys

    Tim Mackey is a principal security strategist within the Synopsys CyRC (Cybersecurity Research Center). He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. As a security strategist, Tim applies his skills in distributed systems engineering, mission critical engineering, performance monitoring, large-scale data center operations, and global data privacy regulations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, Black Hat, Open Source Summit, KubeCon, OSCON, DevSecCon, DevOpsCon, Red Hat Summit, and Interop. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, Forbes, Dark Reading, TEISS, InfoSecurity Magazine, and The Straits Times. Follow Tim at @TimInTech on Twitter and at mackeytim on LinkedIn.

  • Alexandra Panaretos
    Americas Lead for Secure Culture Activation, Ernst & Young LLP

    Alexandra is the Americas Cybersecurity Lead for Secure Culture Activation at Ernst & Young LLP. With a background in broadcasting and operational security, she specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. In addition, she volunteers in her free time with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes