Conference Agenda
  • Wednesday, March 22, 2023
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 1
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 104

    Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data. You can unknowingly download Ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware.

    Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate Ransomware campaigns has declined, but losses from Ransomware attacks have increased significantly, according to complaints received by FBI case information. Although state and local governments have been particularly visible targets for Ransomware attacks, threat actors have also targeted health care organizations, industrial companies, and the transportation sector.

    This course helps organizations design, build, update, and maintain a comprehensive Ransomware Program.

    Course Outline:

    Part 1: Ransomware Overview – The Current Threat Landscape

    • What is ransomware and how does it work?
    • How ransomware attacks have changed—from 2016 to today
    • Today’s ransomware attacks: big game hunting
    • Ransomware attacks against critical infrastructure
    • Ransomware and cyber insurance

    Part 2: Ransomware Attacks and the MITRE ATT&CK Framework  

    • Discuss ransomware attack stages (initial access, lateral movement, privilege escalation…)
    • Review the MITRE ATT&CK Framework (tactics, techniques, procedures)
    • Map ransomware attack stages to the MITRE ATT&CK Framework

    Part 3:  Ransomware Controls Frameworks, Guides, and Best Practices   

    • NIST IR 8374: Cybersecurity Framework Profile for Ransomware Risk Management
    • CISA MS-ISAC Ransomware Guide
    • NIST SP 1800-25: Identifying and Protecting Assets Against Ransomware & Other Destructive Events
    • NIST SP 1800-26: Detecting and Responding to Ransomware & Other Destructive Events
    • NIST SP 1800-11: Recovering from Ransomware & Other Destructive Events

    Part 4:  Building a Ransomware Program Based on the NIST Risk Management   

    • Step 1: Prepare – Essential activities to prepare the organization for a ransomware attack
    • Step 2: Categorize – Architect, design, organize critical systems, information, and security tools
    • Step 3: Select – Choose the ransomware controls (i.e., CISA_MS-ISAC Ransomware Guide)
    • Step 4: Implement – Using security tools / sensors to apply ransomware controls to critical assets
    • Step 5: Assess – Determine if controls are in place, operating as intended, producing desired results
    • Step 6: Authorize – Communicate ransomware program / assessment with executive management
    • Step 7: Monitor – Continuously monitor
    7:30 am
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 1
    An Overview of US and Global Privacy Laws
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 105

    This SecureWorld PLUS course will focus on key privacy laws and concepts, and how to implement privacy into your organization. The main components that the course will cover include:

    1. Overview of US and Global Privacy Laws
    2. Building an Effective and Practical Privacy and Security compliance program
    3. Creating a process to respond to data subject rights
    4. Addressing key privacy concepts: data minimization, privacy by design, data protection impact assessments, responding to privacy breaches.

    Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and information security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions that address legal requirements while also allowing a business to innovate and evolve. These changing privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.

    Often, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. However, companies that are operationalizing privacy and information security within their organizations are able to address these evolving legal requirements while balancing growth and new opportunities. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate privacy and security within their operations so that the law can work hand-in-hand with the business, and not become a barrier for the business's growth and evolution.

    The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.

    Session 1 of the course will start with an overview of general privacy and security legal and policy principles, and then will focus on the key laws and regulatory decisions that are pushing the privacy and security legal landscape, including the European Union’s General Data Protection Regulation (“GDPR”), the Federal Trade Commission (“FTC”) rules and regulations, the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and the various U.S. state privacy laws. Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Sr. Vice President, Information Security, Semrush
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am
    Location / Room: 101

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    Not Another Boring Cybersecurity Tabletop Exercise
    Military Cyber Professionals Association
    Director, Cybersecurity Architecture, Draper Labs; Colonel, U.S. Army Reserve; President, New England Chapter, MCPA
    CIO, Draper Labs; Colonel, U.S. Army National Guard; VP, New England Chapter, MCPA
    Cybersecurity Advisor to Rhode Island, DHS CISA; Colonel (Retired), Rhode Island Army National Guard
    CISO and Senior Director, Boom Supersonic
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: Keynote Theater

    Your cybersecurity plans, policies, and procedures are only as good as your ability to utilize them in response to a cyber event. Join us for a brief but insightful tabletop exercise discussion. In this session, we will discuss how to move beyond what you think a tabletop can be. Facilitated and sponsored by the New England Chapter of the Military Cyber Professionals Association.

    8:00 am
    Cybermation Quiz: How Does Your Information Security Knowledge Stack Up?
    CISO, Cyber Guide LLC
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: 107

    Session description coming soon.

    8:00 am
    ISSA New England Chapter Meeting
    For members and potential new members
    Sr. Principal, Security Risk Management, Verizon
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: 111

    Session description coming soon.

    9:00 am
    [Opening Keynote] Lessons Learned from a Day in Ukraine
    CISO, Afiniti
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater
    Cybersecurity expert and good Samaritan Andrew Smeaton shares his personal and professional story that started from sitting on a beach in Cancun with a cocktail drink in hand to driving into Ukraine to save a colleague and his family from an active war zone. One year later, he will reflect on his lessons learned in crisis management, preparation, and how his career led to a once in a lifetime humanitarian mission.
    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    In SOC We Trust?
    CISO, Sonesta Hotels
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: 110

    Session description to come.

    10:15 am
    AppSec Nirvana
    Director of Application Security, GoodLeap LLC
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: 107

    Session description coming soon.

    10:15 am
    Deriving Insight from Threat Actor Infrastructure
    Sr. Security Engineer, Team Cymru
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 108

    From proactively hunting for unknown attacker infrastructure, to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity, this talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.

    10:15 am
    Get Ready 'Cause Here It Comes: Preparing for the Looming PCI 4.0 Compliance Deadline
    Director of Governance & Compliance, Risk Advisory Services, AccessIT Group
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 109

    With the release of PCI 4.0, the clock has started ticking for companies and service providers that must be PCI compliant to transition to the new framework. With the compliance deadline less than two years off, now is the time to “get ready” and close the gaps for standards you’re not currently meeting.

    Join this session to learn about:

    • The key changes in the recent PCI 4.0 update and what your organization needs to do to prepare
    • How to leverage compliance to help your organization become more secure.
    11:10 am
    Leveraging Your Organization’s ERM Program to Improve Your Cyber Program
    Information Security Officer, Blue Cross & Blue Shield of Rhode Island
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: 110

    Cybersecurity is a top risk for most, if not all organizations. This session will discuss how active participation in your organization’s Enterprise Risk Management program can lead to a data-driven approach to track and demonstrate improvement of your cyber program with the added benefit of opening it up to new audiences within your organization. We will discuss the process that we follow to create and then update our risk metrics on an annual basis and how over time this has led to data that demonstrates program maturity and adaptation to the changing risk landscape. Finally, we will touch on the greater ERM program and how alignment with it can be a win-win for both teams as each program matures.

    11:10 am
    Cybersecurity: Education and Career Pathways
    Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston College
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: 108

    Session description coming soon.

    11:10 am
    [Panel] There's a Bad Moon on the Rise – Are You Ready?
    Identifying the Current Threat Landscape
    Senior Solutions Engineer, Zimperium
    Sr. Solution Architect, Cymulate
    Principal Global Security Strategist, Okta
    Managing Director, Digital Investigations & Discovery, J.S. Held
    VP, Product Strategy, Netwrix
    Healthcare Information Security Officer, Healthcare Organization
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 103

    Like the main character in the 1981 horror movie, An American Werewolf in London, cybercriminals continue to morph into something evil, lurking in the night (and day) to cause harm to people, organizations, and governments. Cue the Creedence Clearwater Revival song, Bad Moon Rising.

    The cybersecurity community is smart and more than capable of thwarting bad actors, fangs and all. They have tools, technologies, partnerships across private and public entities, and solution vendors to help them along the way. Don’t forget about the consultants working hard to stay ahead of those wanting to do harm, as well.

    Hear our panelists’ views on the current threat landscape, solutions they have to offer, and ideas they have for turning a bad moon into a harvest moon.

    11:10 am
    What Does It Mean to Have a Modern Security Strategy for Securing Data in the Cloud?
    VP, Product Management, Lookout
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 109

    Session description coming soon.

    12:00 pm
    [Lunch Keynote] That Moment When You Realize There Is Nowhere Left to Hide
    CISO and Senior Director, Boom Supersonic
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater
    We’ve connected everything, everywhere, all the time, so how DO we more efficiently interact with a digital realm that continually measures our pulse in the real world? Let’s talk about some attack vectors that I’ve spent the last few years researching and helping others work on. And then let’s talk about what we CAN do about things. You’ll never look at your lights the same way again.
    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite Only)
    Sponsored by Skybox Security
    Director, North America Systems Engineering, Skybox Security
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: 101

    Discussion Topic — Finding Cyber Risk Blind Spots: When ‘Good Enough’ Isn’t

    In today’s complex interweaving of environments, understanding the risks that affect critical business flows is growing more difficult than ever. Today’s cyber leaders face threats within and without, benign and malignant, and still need to move at the speed of business. In this talk, we will explore the challenges in identifying and quantifying cyber risk, the impact of an incomplete risk assessment, and possible mitigation approaches.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Principle-Based Leadership: Consistently Developing and Retaining High-Performing Talent
    VP, Global Security & Privacy, SharkNinja
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm
    Location / Room: 110
    Defining and communicating leadership principles enables leaders to achieve results in a dynamic cybersecurity world. Setting expectations for how a team operates creates a baseline for operating performance, defines team values, and holds team members accountable for results. In this session, we will discuss how leaders can define their team principles, deliver results, and retain top performing talent.
    1:15 pm
    [Panel] Hitting the Right Note with Your Network Security
    Developing an Incident Response Plan
    Sr. Product Manager – Email Threat Protection, OpenText Cybersecurity
    Lead Cybersecurity Consultant, Risk Advisory Services, AccessIT Group
    Head of Engineering, East US, Check Point Software Technologies
    Channel Sales Engineer, LogRhythm
    CISO, Advent International
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 102

    A new attack vector (or two or eight) is identified daily, and who knows what is coming down the pike from those with nefarious intentions. How do cybersecurity professionals keep up and strike the right note in their symphony of defenses? Cybersecurity teams must have solid Incident Response (IR) plans in place to mitigate these attacks.

    Our panel of experts reveals the instruments—tools, technologies, and systems—they have to offer so that cybersecurity band members are all playing the same tune on behalf of their organizations. They’ll identify current threats and solutions for each so public and private entities have an IR plan that balances defense and offense, creating a beautiful song.

    1:15 pm
    The Purpose of Endpoint Security: Stopping Cyber Threats or Making You Feel Good?
    Cyber Hero, ThreatLocker
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 109

    The plethora of security vendors operating in today’s marketplace can be overwhelming. With so many options, it’s easy to be distracted with the latest, greatest, shiny tool. Join Chad Maskill for a deep dive into the purpose of cybersecurity and how you can use that to your operational advantage today.

    1:15 pm
    Zero Trust, with Zero Exceptions
    Systems Engineer, Palo Alto Networks
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 108

    Our perception of work has now evolved from a place we go to an activity we can do anywhere. This shift in perception has also given us a glimpse of the future of work, with agencies of all sizes adopting a cloud-first approach for greater flexibility, scalability and resiliency to support their hybrid workforces. However, legacy approaches and existing ZTNA 1.0 solutions aren’t aligned to these new business needs and fail to adequately secure today’s work-from-anywhere users and direct-to-app architectures.

    Discussion topics will include:

    • How our environment has changed and why ZTNA 1.0 falls short in securing today’s hybrid workforces
    • Core tenets of ZTNA 2.0 and how they solve today’s security challenges
    • Key use cases to help you get started on your ZTNA 2.0 journey
    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:30 pm
    Measuring Your Risk Management
    CISO, Monotype
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm
    Location / Room: 107

    Regardless of how well you assess risk, it is important to know if the controls you put into place are working as designed. This talk will discuss how to measure the controls used to mitigate risk in a way that informs not only on if the controls are being effective in managing business risk, but also to ensure that they’re not having a negative impact. The creation of visual representations for the effective reporting of metrics will also be discussed. The example metrics used in my presentation are all currently in use in my organization.

    2:30 pm
    Maximizing Cloud Security Posture Management for Enhanced Protection
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm
    Location / Room: 110

    Cloud-based environments have become a staple in modern organizations, offering increased flexibility and scalability for business operations. However, as more sensitive data and critical processes are moved to the cloud, ensuring the security and integrity of these assets becomes increasingly important. In this presentation, we will discuss the key considerations and best practices for implementing a comprehensive cloud security posture management strategy. Through a combination of technical controls, governance frameworks, and ongoing monitoring, organizations can maximize their protection against potential threats and vulnerabilities in the cloud. Attendees will leave with a deeper understanding of the tools and techniques available for managing and securing their cloud environments, as well as practical tips for implementing a successful cloud security posture management program.

    2:30 pm
    How to Build an Insider Threat Program
    Director, Product Marketing, Exabeam
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm
    Location / Room: 108

    Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.

    Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything  changes so quickly. Insider threat initiatives require a new, more focused approach.

    This presentation will explore:

    • The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
    • Four attributes of a successful insider threat program
    • How behavioral analytics baseline “normal” behavior of users and devices—showing risk faster
    • An automated investigation experience that replaces manual routines and effectively guides new insider threat teams
    2:30 pm
    Is More Security Really Better Security? When Is Enough Really Enough?
    Cybersecurity Architect, Instructor, and Evangelist, Atlantic Data Security
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm
    Location / Room: 109

    While there may be a cybersecurity talent shortage, there is no shortage of [good] cybersecurity products and solutions. It seems, however, as though for every addition to the threat landscape there are multiple new defenses.  While less isn’t always more, it is vital to make sure we’re not adding unnecessary complexity to an already overwhelming stack.

    Join us as we explore ideas to help ensure your organization is making the right choices to truly improve security—not just add to the list of logos.  We’ll discuss how to get actionable intelligence (some of it free) that helps you properly direct resources in the best direction, increase your security posture, and not overwhelm you and your teams.

    3:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:15 pm
    Happy Hour
    Sponsored by Atlantic Data Security
    Registration Level:
    • Open Sessions
    3:15 pm - 5:30 pm
    Location / Room: Exhibitor Hall

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.

    3:45 pm
    How to Win the InfoSec Budget Game
    CISO & Data Privacy Officer, Emburse
    Registration Level:
    • Conference Pass
    3:45 pm - 4:30 pm
    Location / Room: 107
    If you are approved for the spend, does this mean we will not get breached? How do you get the board’s ear, executive team’s blessing, and the funding for your program? Join Bill Bowman, who will walk you through an approach that might just deliver your best budget yet.
    3:45 pm
    [Fireside Chat] Boston Cybercrime: The Latest Scams Impacting Your Bottom Line
    Network Intrusion Forensic Analyst, U.S. Secret Service & New England Cyber Fraud Task Force
    Cyber Special Agent, Boston Field Office, United States Secret Service
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm
    Location / Room: 108
    3:45 pm
    Covering Your Cyber Assets
    Consultant, Cyber Risk Solutions Team, WTW
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm
    Location / Room: 110
    The cyber insurance market has gone through dramatic change over the past few years, with rapidly increasing rates and restricting coverages. Join a former CISO and cyber insurance underwriter to discuss the current market environment, where it may be going, and what you can do to improve your own coverages and pricing.
    3:45 pm
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 2
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 104

    Part 2: Ransomware Attacks and the MITRE ATT&CK Framework  

    • Discuss ransomware attack stages (initial access, lateral movement, privilege escalation…)
    • Review the MITRE ATT&CK Framework (tactics, techniques, procedures)
    • Map ransomware attack stages to the MITRE ATT&CK Framework
    3:45 pm
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 2
    Building an Effective and Practical Data Privacy and Information Security Program
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 105

    Session 2 will focus on the key components of an effective and practical data privacy and information security compliance program. This session will include an overview of key compliance documentation, including policies, procedures, and supporting documentation. We will discuss how to build a program that addresses the regulatory and legal requirements, while also balancing your business’ unique infrastructure and organization.

  • Thursday, March 23, 2023
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 3
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 104

    Part 3:  Ransomware Controls Frameworks, Guides, and Best Practices   

    • NIST IR 8374: Cybersecurity Framework Profile for Ransomware Risk Management
    • CISA MS-ISAC Ransomware Guide
    • NIST SP 1800-25: Identifying and Protecting Assets Against Ransomware & Other Destructive Events
    • NIST SP 1800-26: Detecting and Responding to Ransomware & Other Destructive Events
    • NIST SP 1800-11: Recovering from Ransomware & Other Destructive Events
    7:30 am
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 3
    Operationalizing Your Data Privacy and Information Security Program
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 105

    In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    CISO, Sonesta Hotels
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am
    Location / Room: 101

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    CISO Fundamentals, for the Vendor
    Sr. Vice President, Information Security, Semrush
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: 107

    Session description coming soon.

    8:00 am
    InfraGard Chapter Meeting [Open to all attendees]
    2022 Threat Actor & Attack Trends and the Outlook for 2023
    Managing Director, Cyber Risk Consulting, K Logix
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: 103

    This session will dive into intelligence from Recorded Future’s threat research team on the top attack and attacker trends from 2022 including their use of dark web marketplaces and extortion sites, impact of software supply chain attacks, and the convergence of cyber and geopolitical events.

    8:00 am
    WiCyS Chapter Meeting
    Open to all attendees
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: 102

    Session description coming soon.

    9:00 am
    [Opening Keynote] Threats to National Security in Cyberspace
    JIOC Commander, United States Cyber Command
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    As 2022 was a record-breaking year with the volume of cyberattacks, data breaches, and phishing scams on the rise, there was also an increase in state-sponsored hacktivism cases. In her keynote, Col. Candice Frost covers known hacking groups, their methods, motivations, and relationship to greater geopolitical developments. Col. Frost covers state-affiliated threats, while also touching other adjacent realms of the cyberthreat ecosystem, such as ransomware, DDoS attacks, and stolen information. In addition, she covers critical infrastructure, election security, and the security of local and state governments.

    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    Bored with Boards... but Wait!
    CISO, Steward Health Care
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: 107

    After repeated wake-up calls, Boards of Directors are under pressure to add cybersecurity skills to their responsibilities and be more accountable for cyber-risk. The SEC has even proposed new rules expected to force public companies to add skilled cybersecurity members to their boards, a tactic that worked 20 years ago for financial expertise. But can it work again?

    Board membership is not an arena typically open to CISOs; we’ve spent decades struggling to translate and communicate the risks behind digital transformation to the board. What does it mean if a CISO is also one of the Board members?

    • What you should know around board oversight – not all boards are created equal!
    • What organizations may look for in board members with a security background
    • What you can do to prepare now

    10:15 am
    Recalibrating Resiliency to Address Disruption at Scale
    Chief of Cybersecurity, CISA Region 1 (New England)
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 110

    Risk, either positive or negative, is inherent to all business operations. As our operating environments interact, they evolve and become more complex, interdependent, and fragile. Threats proliferate, risk becomes ambiguous, and disruptions ripple outwards. This is the essence of the conditions we are experiencing today, and dynamic risk compounds due to the confluence of dependencies.

    CISA was formed to understand, assess, and reduce risk to cyber and physical infrastructure, yet we increasingly see that organizations are unprepared to manage dynamic risk at scale. If dynamic risk, threats, and disruptions are now the norm, what approaches are needed to recalibrate readiness and resiliency?

    10:15 am
    Managing Your Exposure
    Security Evangelist, Randori, an IBM Company
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 109

    The Integration of Threat Intelligence, Attack Surface and Vulnerability Management into Threat Management Programs

    Threat management programs aiming to establish visibility, detection, investigation and response are becoming more complex as infrastructure and workforces expand and adapt. This not only makes threat management more challenging, but can also dramatically increase our exposure to attack. So how can we do a better job of proactively understanding and reducing the risks and exposures associated with this disparate environment, while simultaneously significantly reducing the stress on our threat management systems and teams?

    Join us to hear what we have learned from thousands of engagements in this developing field, which we are referring to as Exposure Management. This approach has the goal of helping organizations reduce risk and inefficiencies and get the most out of the tools, processes and people that they have. All while enabling the business to evolve and thrive.

    11:10 am
    Transforming Information Security for Businesses of All Sizes
    CTO, Center for Internet Security
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: 110

    In order to combat cyber threats for organizations of all sizes and the supply chain, how information security is delivered and managed requires transformation. The burden of securing systems and networks has long been placed on the end organization, resulting in a distributed management requirement that does not scale. Requirements placed on the end organization exacerbate the burden, whereas “shift left,” setting requirements on the vendor, can alleviate it. Industry has a unique opportunity to aid a positive transformation to better scale security for solutions, with an aim towards improving the overall security posture and reducing the security professional deficit. Innovation to deploy security following scalable architectural patterns for security management is paramount.

    11:10 am
    [Panel] Lucy in the Cloud with Diamonds
    Securing Your Cloud Environment
    Director, Office of Cybersecurity Strategy, Sysdig
    Sr. Sales Engineer, Thales
    Principal Solutions Engineer, Lacework
    VP, CISO, Blue Cross & Blue Shield of Rhode Island
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 103

    Can you “imagine” if The Beatles, when first starting out, had to deal with having their catalog of music hacked, stolen, and held for ransom simply because it was in an unsecure cloud setting? While it is possible for that to happen with their hit-laden collection of songs today, it’s merely a tiny example of how businesses operate at a minimum in a hybrid cloud environment—many in a cloud-only platform.

    With that come security issues and another major area which cybersecurity professionals must work diligently to protect.

    Our panel of experts share the good, the bad, and the ugly of operating in a cloud environment, what it takes to make the move to hybrid or multi-cloud successful, how to protect data from insider and outsider threats, and what it takes to provide the support DevOps teams need.

    11:10 am
    Threat Intelligence: An Essential Part of Your Zero Trust Strategy
    Cybersecurity Specialist, Infoblox
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 109

    Sophisticated cyber threats are more prevalent now than ever, and with the increased use of cloud-based web applications from multiple devices, the threats are even more pervasive. Enterprises must ensure that sensitive data is protected, and threats are mitigated accordingly. Our speaker will share insights on how Zero Trust can help to mitigate these threats and will:

    • Explore the benefits of Zero Trust, as well as the challenges to keep in mind
    • Discuss the key components of a successful Zero Trust architecture
    • Assess the benefits of DNS in establishing an effective Zero Trust system

    12:00 pm
    [Lunch Keynote] Cybersecurity Really Is a Team Sport
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    Why strategic leadership and an understanding of roles, personalities, and psychology is important for building and managing effective cybersecurity teams.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Director of Application Security, GoodLeap LLC
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: 101

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Managing Supply Chain Risks
    CISO, Massachusetts Bay Transportation Authority (MBTA)
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm
    Location / Room: 110

    Session description coming soon.

    1:15 pm
    [Panel] I Can See Clearly Now, the Threats Are Gone
    Threat Intelligence: The State of InfoSec Today
    Director, Solutions Engineering and Alliances, Automox
    Chief Operating Officer, Envision
    Director of Security Solutions, HCH Enterprises
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 102

    Zero Trust is considered by many to be a marketing buzzword, but what it really alludes to is having good, basic cybersecurity hygiene. It’s what any cybersecurity professional worth their salt has been doing, and does, daily. Ransomware, phishing, and BEC grab the headlines, but your run-of-the-mill cyberattacks can’t be ignored because of the shiny new thing garnering all the attention.

    The CISO is like a musical conductor that must pay attention to all the resources at his or her disposal—be it people, tools, technologies, systems, and more. How is the organization handling security awareness training? What about staffing shortages affecting the organization, or even the vendors with which CISOs and their teams work?

    Join our expert panel as they provide insights and takeaways on the state of the information security profession today, including tips for seeing clearly and staying ahead of threats.

    1:15 pm
    How to Build an Effective Open Source Security Program
    Director of Product, Mend
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 108

    Session description coming soon.

    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:30 pm
    Build Better Controls Around Third-Party Risk
    CISO, Keck Medicine of USC
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm
    Location / Room: 110

    Third-party risk refers to the potential risks that arise from the use of third-party vendors, suppliers, partners, or service providers who have access to an organization’s sensitive information, systems, or processes. What are the challenges and compounding risk around third parties? What are organizations doing today, and how can they leverage automation to improve their program?

    2:30 pm
    Endpoint Security from the Ground Up
    Healthcare Information Security Officer, Healthcare Organization
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm
    Location / Room: 108

    Session description coming soon.

    2:30 pm
    Debunking Common Myths About XDR
    Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm
    Location / Room: 109

    There has been a tremendous buzz across the cybersecurity community about the emerging technology known as XDR (eXtended Detection & Response). Unfortunately for the practitioner, there has yet to be a single definition widely accepted by both analysts and vendors purporting to be knowledgeable on the subject. What is XDR and why should I consider the technology in my enterprise security stack? What should I expect from vendors who claim to have built the perfect mousetrap? What is reality, and what is just hype? This session will walk through some generally accepted value statements associated with XDR, while attempting to debunk a few common myths that continue to muddy the water for security teams.

    3:15 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    [Executive Panel] Making the Cybersecurity Music
    CISO, City of Boston
    Director, Information Security & IT Governance, Digital Federal Credit Union
    CISO, Steward Health Care
    Sr. Principal, Security Risk Management, Verizon
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm
    Location / Room: 103

    Music, like technology, is pervasive. Virtually every facet of life has a musical accompaniment and an IT dimension. Copyright and piracy are one example where music and cybersecurity converge. How do you reconcile that discord into a harmonious cybersecurity conversation? For example, what do you do in your role as a cybersecurity leader conducting the orchestra of laws and regulations, education, policies, practices, and education?

    This discussion starts off with what song each panelist feels represents cybersecurity today and why. Other topic areas: how do you build a team, hire the right people, develop them, build bench strength, and keep them happy? Come with any questions that you would like to ask the panel.

    3:45 pm
    ISC(2) Eastern Massachusetts Chapter Meeting
    Open to all attendees
    Sr. Executive Service, Office of Private Sector (Retired), FBI
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm
    Location / Room: 108

    More details to come.

    3:45 pm
    CISO Breakfast Club / Happy Hour
    Founder and CEO, CyberSN and Secure Diversity
    Registration Level:
    • Open Sessions
    3:45 pm - 5:00 pm
    Location / Room: 111

    3:45 pm
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 4
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 104

    Part 4: Building a Ransomware Program Based on the NIST Risk Management

    • Step 1: Prepare – Essential activities to prepare the organization for a ransomware attack
    • Step 2: Categorize – Architect, design, organize critical systems, information, and security tools
    • Step 3: Select – Choose the ransomware controls (i.e., CISA_MS-ISAC Ransomware Guide)
    • Step 4: Implement – Using security tools / sensors to apply ransomware controls to critical assets
    • Step 5: Assess – Determine if controls are in place, operating as intended, producing desired results
    • Step 6: Authorize – Communicate ransomware program / assessment with executive management
    • Step 7: Monitor – Continuously monitor

    3:45 pm
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 4
    Operationalizing Your Data Privacy and Information Security Program
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 105

    In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.

Exhibitors
  • Absolute Software Inc.
    Booth: 299

    Absolute provides endpoint visibility and control to help self-healing endpoint security and always-connected IT asset management to protect devices, data, applications and users — on and off the corporate network.

    Bridging the gap between security and IT operations, only Absolute gives enterprises visibility they can act on to protect every endpoint, remediate vulnerabilities, and ensure compliance in the face of insider and external threats. Absolute’s patented Persistence technology is already embedded in the firmware of PC and mobile devices and trusted by over 12,000 customers worldwide.

    Headquartered in Vancouver, Canada, our regional headquarters are located in Austin, Texas, San Jose, California, Ho Chi Minh City, Vietnam and Reading, England.

  • AccessIT Group
    Booth: 400

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Adaptive Shield
    Booth: 170

    Adaptive Shield, leader in SaaS Security, enables security teams to secure their entire SaaS stack through threat prevention, detection and response. With Adaptive Shield, organizations continuously manage and control all SaaS and 3rd-party connected apps, as well as govern all SaaS users and risks associated with their devices. Founded by Maor Bin and Jony Shlomoff, Adaptive Shield works with many Fortune 500 enterprises and has been named Gartner® Cool Vendor™ 2022. For more information, visit us at www.adaptive-shield.com or follow us on LinkedIn.

  • APCON
    Booth: 375

    APCON, an industry leader in network visibility and security solutions, provides an unparalleled level of confidence to enterprise and midsize businesses seeking network insights for enhanced investigation, threat detection and response. Our customers include Fortune 1000 companies to midsize organizations as well as government and defense agencies. Organizations in over 40 countries depend on APCON solutions.

  • ASIS
    Booth: 280

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • Atlantic Data Security
    Booth: 420

    Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.

  • Automox
    Booth: 400

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • BitSight
    Booth: 420

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • BlackBerry Corporation
    Booth: 400

    BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.

  • Check Point Software Technologies
    Booth: 400

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cloudflare
    Booth: 395

    Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications, and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

    Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations—from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

    Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest internet trends and insights at radar.cloudflare.com.

  • ColorTokens
    Booth: 420

    ColorTokens simplifies, accelerates and automates your security operations with our award-winning Xtended ZeroTrust Platform™. With us, your business is resilient to cyber threats, each critical asset completely secure, assured against any misadventure from anywhere. Our unique Zero Trust approach gives you the comfort and confidence of fully protected cloud workloads, dynamic applications, endpoints and users.

  • CREST
    Booth: 240

    CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.

  • Critical Start
    Booth: 445

    Critical Start Managed Cyber Risk Reduction solutions deliver continuous security cyber risk monitoring and mitigation enabling strong protection against threats. Combined with a team of expert risk mitigators, our platform provides maturity assessments, posture and event analytics, response capabilities, comprehensive threat intelligence, and security workload management capabilities. We help you achieve the highest level of cyber risk reduction for every dollar invested, leading to increased confidence in reaching your desired level of security posture.

  • CrowdStrike
    Booth: 265

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • Cymulate
    Booth: 465

    Cymulate SaaS-based continuous security validation makes it simple to measure and improve your security posture across the full attack kill-chain. Every assessment is scored and includes actionable remediation guidance to mitigate risk and optimize security control effectiveness. Cymulate enables you to take data-driven decisions and manage your security resources efficiently.

  • Data Theorem
    Booth: 475

    Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York, Paris, France, and Bangalore, India.

  • DeleteMe
    Booth: 190

    DeleteMe reduces business risk from threats such as social engineering, doxxing, and online harassment by continuously removing executive and employee personal data from online sources. With 35+ million individual pieces of personal data removed since 2010, DeleteMe is the trusted privacy partner to some of the world’s most recognizable brands. Personal data is dangerous. Delete it.

  • Endace
    Booth: 220

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Envision Technology Advisors
    Booth: 350

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • eSentire, Inc
    Booth: 230

    eSentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business-disrupting events. Protecting more than $6 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.eSentire.com and follow @eSentire on Twitter.

  • Exabeam
    Booth: 520

    Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.

  • Expel
    Booth: 400

    Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.

  • Fastly
    Booth: 420

    Expectations for websites and apps are at an all-time high. If they aren’t fast, secure, and highly personalized, users take their business elsewhere. But today’s most innovative companies are thriving by meeting this challenge head on: they’re choosing Fastly and an investment in their developers.

    With Fastly’s powerful edge cloud platform, developers get the tools they need to build the most groundbreaking apps — all optimized for speed, security, and scale — so businesses can effectively transform to compete in today’s markets. Together, we’re building the future of the web.

  • Forcepoint
    Booth: 420

    Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.

  • ForeScout Technologies, Inc.
    Booth: 400

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • ForgeRock / Ping Identity
    Booth: 385

    ForgeRock is a global leader in digital identity that delivers modern and comprehensive identity and access management solutions for consumers, employees, and things to simply and safely access the connected world. Using ForgeRock, more than 1,300 global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data—consumable in any cloud or hybrid environment. The company is headquartered in San Francisco, California, with offices around the world.

    For more information and free downloads, visit www.forgerock.com or follow ForgeRock on social media.

  • Gigamon
    Booth: 320

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Halcyon, Inc
    Booth: 110

    Halcyon is a cybersecurity company building products that stop ransomware from impacting enterprise customers. Halcyon’s core platform offers layered ransomware protection that combines pre-execution detection, behavioral modeling, deception techniques and, if all else fails, resiliency, recovery and isolation of impacted nodes. To learn more and get a demo, contact us today.

  • HUB Tech
    Booth: 160

    HUB Tech partners with its clients, becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.

    Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.

  • Infoblox
    Booth: 580

    Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.

  • InfraGard Boston
    Booth: 180

    InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.

  • IOvations
    Booth: 295

    IOvations, founded in 2006, is a value-added reseller focused on protecting the data, infrastructure and applications of our customers through a combination of services and products that extend to the end point, traditional network and cloud environment. Some of the things that make us unique include multiple industry awards, a long history of working with clients who appreciate how easy we are to work with, and our strong engineering expertise providing value and thought leadership.

  • IronVest, Inc
    Booth: 100

    IronVest is a 360º employee protection platform that protects companies from any kind of account takeover that leads to systems and data compromise. The IronVest solutions include InboxGuard, a multi-layer anti-phishing solution that combines digital security awareness training and real-time inbox alerts. IronVest AccessGuard leverages biometric account access protection to ensure only authorized users can access any digital account or enterprise system. The zero-integration, browser-based solution provides a holistic account access protection solution for companies of all sizes.

  • ISACA New England Chapter
    Booth: 210

    The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).

    The primary objective of the New England Chapter is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.

  • ISC2 Eastern Massachusetts
    Booth: 470

    Advancing Information Security One Community at a Time
    As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. The ISC2 Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!

  • ISC2 Maine Chapter
    Booth: 470

    The ISC2 Maine Chapter is a professional association authorized by ISC2, the World’s Leading Cybersecurity Professional Organization, and created by ISC2 members and information security professionals living and working in Maine.

    The ISC2 Maine Chapter is dedicated to providing education and regular meetings to help information security professionals in Maine. Our chapter benefits from a diverse membership that works in various organizations across important sectors such as healthcare, financial services, national defense, government, service providers, and many more.

  • ISSA New England
    Booth: 140

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

    Visit the National Headquarters’ website at www.issa.org.

  • J.S. Held
    Booth: 460

    J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk. Our professionals serve as trusted advisors to organizations facing high-stakes events demanding urgent attention, staunch integrity, clear-cut analysis, and an understanding of both tangible and intangible assets.

    The firm provides a comprehensive suite of services, products, and data that enable clients to navigate complex, contentious, and often catastrophic situations.

  • K Logix
    Booth: 120

    K logix is the leading information security company. We provide security consulting, technology solutions, and integration services to enterprise companies. Our experienced team and our established process help enterprise customers make confident security decisions that impact their business goals.

  • Keysight
    Booth: 370

    Keysight’s portfolio of network security solutions simulates threats and eliminates blind spots, taking control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulate attacks, expose gaps early, and course correct with step-by-step fixes; protect users and applications with increased efficiency, performance, and reliability of your security systems; patrol every packet, eliminating vulnerable blind spots and decrypting threats hiding in SSL traffic; and practice your cyber skills, enhancing your security and attack response skills against real-world threats.

  • Kintent
    Booth: 380

    Kintent’s Trust Cloud makes it effortless to respond to security questionnaires, confidently share your security and compliance program with customers, and complete compliance certifications by automating your program with APIs, using AI to reduce manual work, and testing your controls and policies to achieve continuous compliance and earn trust.

  • Lacework
    Booth: 305

    Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.

  • LogRhythm
    Booth: 255

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Lookout
    Booth: 310

    Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.

  • Mend
    Booth: 205

    Mend, formerly known as WhiteSource, is the application security provider of choice for six out of 10 of the world’s most demanding software developers. With Mend, organizations can resolve the application security challenges that pain developers and security teams alike, so they can deliver secure software, faster. Mend secures all aspects of software, providing automated remediation from problem to solution versus only detection and suggested fixes. With more than 1,000 customers, Mend helps enterprises like Microsoft, IBM, and Comcast to improve their application security outcomes. For more information, visit www.mend.io.

  • Netwrix
    Booth: 225

    Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact.
    More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.

  • New England Chapter, Military Cyber Professionals Association (MCPA)
    Booth: 115

    The New England Chapter leads MCPA efforts across the states of that region. We have periodic events planned that provide truly world-class networking and learning for anyone in the broader military cyber community of interest since we have a number of military cyber units and other important organizations in our footprint. We invite you to join us while you’re in town! Find details on the member-only intranet. The Chapter President is Colonel Richard Berthao.

  • New England Cyber Fraud Task Force (NECFTF)
    Booth: 260

    The NECFTF is composed of officials from state and local law enforcement throughout Massachusetts, New Hampshire, Rhode Island, Vermont and Maine and is charged with preventing, detecting and mitigating complex cyber-crime threatening payment systems and critical infrastructure. The five task force officers represent the Concord Police Department, the Grafton County Sheriff’s Office, the Manchester Police Department and the Nashua Police Department.

  • Okta
    Booth: 550

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • OpenText Cybersecurity
    Booth: 300

    OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention to detection and response, to recovery, investigation and compliance, our unified end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience, and simplified security to help manage business risk.

  • Oort
    Booth: 590

    Oort is an early-stage Boston-area startup focused on the intersection of Edge Computing and Cybersecurity. They are pioneering a new model for efficiently delivering security-as-a-service for remote workers, IoT devices, and branch offices using hundreds of globally-distributed data centers at the Edge of the Internet.

  • Palo Alto Networks
    Booth: 540

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

  • Pentera
    Booth: 420

    Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale.

    Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited.

  • Randori, an IBM Company
    Booth: 510

    Randori is your trusted adversary. Recognized as a leader in offensive security, Randori combines attack surface management (ASM) and continuous automated red teaming (CART) in a single unified platform to provide a continuous, proactive, and authentic offensive security experience. Relied upon by Meijer, Greenhill Inc, FirstBank, NOV, Lionbridge and many more, Randori helps companies stay one step ahead of attackers by continuously discovering what’s exposed and validating risks as they arise. Discover your true attack surface today at www.Randori.com.

  • Rapid7
    Booth: 330

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Rubrik
    Booth: 360

    Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

  • SecurEnds, Inc
    Booth: 390

    SecurEnds provides companies with a tool to automate user access reviews (UAR) across cloud and on-prem applications to meet SOX, ISO27001, PCI, HIPAA, HITRUST, FFIEC, GDPR, and CCPA audit requirements. Utilizing fuzzy logic to pull data from systems of record (SOR), complementary identity governance and administration (IGA) solutions, and SaaS-based, custom, and legacy downstream applications, SecurEnds provides a complete, end-to-end process for UAR, then automates it out of the box.

  • SentinelOne
    Booth: 530

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • SideChannel
    Booth: 199

    In cybersecurity and privacy, experience matters.

    At SideChannel, we match companies with an expert virtual CISO (vCISO) & privacy officer (vCPO), so your organization can assess cyber risk, privacy needs and ensure cybersecurity compliance — all without jeopardizing your financial assets. Is your organization ready to take control of its security and privacy?

    From providing your organization with an initial Risk Assessment to helping ensure cybersecurity compliance, our services are designed to give exactly what your organization needs, when it’s needed, without any added hassle.

    Working with SideChannel means working with actual CISOs and CPOs, with private and public sector experience, solving critical problems for Fortune 500 companies and beyond. We’re not a group of consultants working from a cookie-cutter playbook. We’re not a team of junior analysts.

    We’re SideChannel – seasoned experts with decades of experience, and we’re ready to transform the way your organization thinks about cybersecurity & privacy.

  • Skybox Security
    Booth: 425

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Sonatype
    Booth: 200

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.

  • Sysdig
    Booth: 500

    The Sysdig Secure DevOps Platform provides security to confidently run containers, Kubernetes and cloud services. Only Sysdig has the deep visibility needed to see all threats, vulnerabilities and suspicious activity. With Sysdig you can secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.

    Sysdig is a SaaS platform, built on an open source stack that includes Falco and sysdig OSS, the open standards for runtime threat detection and response. Hundreds of organizations rely on Sysdig to secure containers, Kubernetes and cloud services.

  • Tanium
    Booth: 130

    Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).

    The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.

    For more information, visit: https://www.tanium.com.

  • Team Cymru
    Booth: 560

    Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines: digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.

    Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.

    Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.

    Since 2005, our reputation remains unchallenged.

  • Tec-Refresh, Inc.
    Booth: 340

    Tec-Refresh is a full-service IT solutions provider and consulting firm. Delivering solutions across every platform, we partner with the best vendors in the industry using cutting-edge technology and methods to architect, implement and secure your IT infrastructure.

    Tec-Solutions-as-a-Service (TSaaS) include:

    – Consulting & Project Management
    – Cyber Security Solutions
    – Data Center Solutions
    – Storage & Infrastructure Solutions

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales
    Booth: 400

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • ThreatLocker
    Booth: 570

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • UpGuard
    Booth: 150

    UpGuard is the best platform for securing your organization’s sensitive data. Our security ratings engine monitors millions of companies and billions of data points every day.

  • Varonis Systems, Inc.
    Booth: 399

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Veriti
    Booth: 420

    Veriti is a fast-growing security infrastructure innovator that helps organizations maximize their security posture while ensuring business uptime.

    Integrated with the entire security stack, Veriti provides a consolidated management layer that continually and proactively monitors exposure to threats and provides actionable remediation paths for security gaps and high-risk vulnerabilities across the organization’s infrastructure and attack surface.

  • VMRay
    Booth: 235

    At VMRay, our purpose is to liberate the world from undetectable digital threats.
    Led by reputable cyber security pioneers, we develop best-in-class technologies to help organizations distinguish genuine threats from the noise and obtain additional context and insights into those threats.
    Based on the world’s most advanced malware and phishing analysis platform, we enable enterprises, government organizations, and MSSPs to automate security operations, accelerate analysis and response, and build reliable threat intelligence. In times of uncertainty and complexity, we create room for clarity and productivity to help security teams thrive.

  • Waterfall Security
    Booth: 420

    Waterfall Security’s technology represents an evolutionary alternative to firewalls. Our innovative, patented Unidirectional Security Gateway solutions enable safe and reliable IT/OT integration, data sharing, cloud services, and all required connectivity for industrial control systems and critical infrastructures. Waterfall Security’s products dramatically reduce the cost and complexity of regulatory compliance with NERC CIP, NRC, NIST, CFATS, ANSSI and others.

    Waterfall products enable external parties, HQ, engineering, contractors and vendors, cloud services, and others to have access to operational information, while keeping the industrial control systems safe and secure. Our purpose-built hardware-based security is enhanced by off-the-shelf software with a multitude of interfaces to the widest range of industrial systems, protocols, databases and IT solutions in the market.

    Waterfall has a growing list of customers worldwide, including national infrastructures throughout North America, Europe, Asia and the Middle-East in power plants, nuclear plants, on/off-shore platforms, refineries, manufacturing plants, utility companies plus many more. Our strategic partners are multinational conglomerates and integrators in manufacturing, automation and other parallel industries.

  • WiCyS New England Affiliate
    Booth: 450

  • Zimperium
    Booth: 435

    Zimperium, the global leader in mobile device and application security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats.

    Powered by our patented z9 engine, Zimperium provides protection against device, network, phishing, and malicious app attacks. Our best-in-class solutions include zIPS, which protects mobile devices against risks and attacks without requiring a connection to the cloud and our Mobile Application Protection Suite (MAPS), the only comprehensive solution that protects mobile apps from risks during development, in the app marketplaces, and on end-user devices.

    Zimperium was the first MTD provider to be granted an Authority to Operate (ATO) status from the Federal Risk and Authorization Management Program (FedRAMP). Headquartered in Dallas, TX, Zimperium is backed by Liberty Strategic Capital and SoftBank.

  • ZeroFox
    Booth: 195

    Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.

    Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.

Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, and training venues. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Programs, and Third-Party Risk Programs.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Dmitriy Sokolovskiy, Moderator
    Sr. Vice President, Information Security, Semrush

    From 1999 to 2007, Dmitriy had first-hand experience with servers, networks and datacenters, and NOCs and SOCs as he worked and consulted for defense contractors, public and private financial and medical companies, and non-profits. Between 2007 and 2018, Dmitriy spent 11 years at CyberArk software, helping them go public as he was building and managing a cyber-security professional services team, personally participating in incident response and remediation for some of the largest breaches in US history, and then serving as a Cloud Security Architect for SaaS products utilizing CSA CCM and CIS CSC. Dmitriy holds Boardroom Qualified Technical Expert (QTE) certification from the Digital Directors Network (DDN), serves on Advisory Boards for multiple information security start-ups, such as Oort, Exium, and SaaSLicense (acquired by Apptio), and advises venture capital and private equity firms. He is a SANS Mentor, a member of the GIAC Advisory Board and holds the GISF, GCED and CISSP certifications.

  • Richard Berthao
    Director, Cybersecurity Architecture, Draper Labs; Colonel, U.S. Army Reserve; President, New England Chapter, MCPA

    Richard Berthao is the Director of Cybersecurity Architecture for Draper Laboratory. He previously served more than 20 years in the federal government. This service began with over 19 years as an IT Director in the Massachusetts National Guard, Department of Defense (DoD). He continued as a Cybersecurity Advisor for Connecticut & Massachusetts, within the Cybersecurity & Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS). Additionally, he is an adjunct faculty member at Nichols College in Massachusetts, teaching graduate courses on cybersecurity governance, policy, and fundamentals. He also continues his more than 34 years of military service in the US Army Reserve as a Cyberspace Operations Officer. Along with his work experience, he serves in a volunteer role as the New England Chapter President of the Military Cyber Professional Association.

  • Woody Groton
    CIO, Draper Labs; Colonel, U.S. Army National Guard; VP, New England Chapter, MCPA
  • Mike Tetreault
    Cybersecurity Advisor to Rhode Island, DHS CISA; Colonel (Retired), Rhode Island Army National Guard
  • Chris Roberts
    CISO and Senior Director, Boom Supersonic

    Chris is the CISO for Boom Supersonic and works as an advisor for several entities and organizations around the globe. His most recent projects are focused within the aerospace, deception, identity, cryptography, Artificial Intelligence, and services sectors. Over the years, he's founded or worked with several folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration, and communication word across the industry. (Likely while coding his EEG driven digital clone that’s monitoring his tea and biscuit consumption!)

    Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. (Before that, he managed to get various computers confiscated by several European entities.)

    He’s considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s also gotten a name for himself in the transportation arena: basically anything with wings, wheels, tracks, tyres, fins, props or paddles has been the target of research for the last 15 years. (To interesting effect.)

    Chris has led or been involved in information security assessments and engagements for the better part of 25 years and has a wealth of experience with regulations such as GLBA, GDPR, HIPAA, HITECH, FISMA, and NERC/FERC. He has also worked with government, state, and federal authorities on standards such as CMS, ISO, CMMC, and NIST.

    Chris has been credentialed in many of the top IT and information security disciplines and as a CyberSecurity advocate and passionate industry voice, he is regularly featured in national newspapers, television news, industry publications and several documentaries. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever’s taken his fancy… (Cows and camels being two of the more bizarre things, we’ll ignore things in space for now.)

    As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences. CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, and numerous others have covered him in the media.

    And worst case, to jog the memory, Chris was the researcher who gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air, that allowed the exploitation of attacks against flight control systems.

  • Thomas Hart
    CISO, Cyber Guide LLC

    Thomas F. Hart: Tom has been in the IT field since 1978 (EDP), starting as a programmer trainee (Assembler and COBOL). The first computer he worked on was an IBM 360 system (PCs were a long way off). He has been a Programmer, Systems Analyst, Operating Systems Programmer, Network Systems Programmer, DR / BCS Specialist, IT Auditor, GRC, Sr. Security Analyst, Contractor/Consultant, and Security Conference Panelist/Moderator/Organizer/Speaker. Tom has been involved in the InfoSec community via ISC2, ISACA, SANS, HOPE, BSides, Secure World and others. He has worked in the Banking, Defense, Utilities, Gov. and Health Care industries in his career. Most recently, he founded the Cyber Guide LLC consulting firm.

  • David Dumas
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow, is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • Andrew Smeaton
    CISO, Afiniti

    Andrew holds over 22 years of experience in the banking, financial services, and healthcare industries. He is experienced in all facets of IT/IS Security & Risk Management including acquisitions and disaffiliations, and has a track record of developing and implementing security strategies from inception through execution. In addition to his corporate experience, Andrew has also served on the executive boards for international conferences and advised government agencies on information security subjects. Andrew’s regulatory compliance experience includes FSA, PRA, FDIC, ISO 27K, COBIT, HIPAA, PCI-DSS, GLBA, Mass 201 CMR 17.00, SOX 404, SAMA, and NYDFS.

  • Michael L. Woodson
    CISO, Sonesta Hotels

    Michael Woodson is Sonesta’s Director of Information Security and Privacy and was formerly the Chief Information Security Officer (CISO) for the Massachusetts Bay Transit Authority, the public agency responsible for operating most of the transportation services in Greater Boston, Massachusetts. He was responsible for the MBTA’s total information security needs and the development and delivery of their comprehensive information security strategy to optimize the security posture of the organization.

    Mr. Woodson is an IT information security professional with over 25 years of experience and has a deep understanding of operational and information technology processes, the implementation of cost-effective controls and security safeguards to monitor and mitigate risks.

    He was previously a Principal at Infosys Limited in the Enterprise Application, Cloud, Infrastructure, and Security Services practice; a Senior Vice President at Taino Consulting Group's Cyber Security Advisory Practice; Information System Security and VP/Cyber Risk Director for State Street Corporation; Director of Cyber and Network Security for Santander Bank; and Head of Forensic Information Security Services North America for Tata Consultancy Services. He has held other positions in information and cybersecurity, including 12 years of law enforcement experience obtained directly from the Boston Police Department as an IT specialist/Police Officer.

    Mr. Woodson has an extensive background in Network and Information Security, Data Privacy, Fraud Management, Technical Investigations, Regulatory Compliance and Policy Development, Litigation Preparedness, Enterprise Governance, Risk Management, Computer Forensics, Law Enforcement Technologies, and Application Security Threats and Countermeasures.

    He is an Adjunct Professor at Cambridge College and Northeastern University and has served as a lecturer at Endicott College and as a visiting Adjunct Professor at Stimik Perbanas in Jakarta, Indonesia.

    He is Certified in Information Security Management (CISM), Certified Chief Information Security Officer (C|CISO), and Certified Data Privacy Solution Engineer (CDPSE). He received his Bachelor of Science degree from the University of Massachusetts, and several master’s degrees from Boston University and Utica College of Syracuse University.

  • David Barker
    Director of Application Security, GoodLeap LLC

    David Barker is Director of Application Security for GoodLeap LLC, a Fintech company providing a point-of-sale platform for sustainable home solutions. GoodLeap marks David’s fourth creation of a Code-to-Cloud Application Security program. His pedigree includes companies like Dell EMC, Stanley Black & Decker, and PTC. David has both an MBA and an MS in IT and wields his combination of business and technical acumen with repeated success.

  • Scott Fisher
    Sr. Security Engineer, Team Cymru
  • Chad Barr
    Director of Governance & Compliance, Risk Advisory Services, AccessIT Group

    Chad Barr is a seasoned leader in the field of information security, currently serving as the Director of Governance, Risk and Compliance (GRC) within the Risk Advisory Service practice at AccessIT Group (AITG). With a proven track record of success, Chad brings a wealth of experience to AccessIT Group.

    As a visionary leader in the realm of cybersecurity, Chad has honed his skills across multiple disciplines, including security engineering, project management, risk management, and compliance. His extensive background underscores his ability to guide organizations toward robust and resilient security postures.

  • Frederick Webster, CISM
    Information Security Officer, Blue Cross & Blue Shield of Rhode Island

    Frederick Webster leads Blue Cross & Blue Shield of Rhode Island’s cybersecurity program as their Information Security Officer. He has over 15 years of experience in the IT and Information Security fields with a background in Security Operations, Business Continuity and Information Assurance. He has experience in Healthcare, Retail Pharmacy, Pharmacy Benefits Management, and MSSP industries. Frederick is a credentialed ISACA CISM with a BS in Management of Information Systems and an MBA.

  • Professor Kevin R. Powers, J.D.
    Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston College

    Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Cybersecurity Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent.

    With over 20 years of combined cybersecurity, data privacy, business, law enforcement, military, national security, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Kevin also is an expert witness and consultant with the Analysis Group and serves as a Director for the Board of Reading Cooperative Bank, a Trustee for the Board of Boston College High School, an Advisory Board Member for HYCU, Inc. and CyberSaint Security, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.

  • Tom Brown
    Senior Solutions Engineer, Zimperium

    Tom Brown has held individual and leadership roles in sales engineering, customer success, and IT consulting over the past 20 years. As mobile, hybrid, and public cloud computing have become dominant models, his technical focus has evolved from endpoint and email security toward mobile and cloud-based, software-defined architectures delivering workload resiliency and security. Most recently as a System Engineer with Zimperium, he focuses on protecting users and enterprises from attacks on devices, networks, applications, and phishing. Tom also completed the CompTIA A+/Network+ and MCSE program at the University of Phoenix before becoming a Microsoft Certified Professional.

  • Mike DeNapoli
    Sr. Solution Architect, Cymulate

    Mike DeNapoli has spent over two decades working with companies from mom and pop shops to Fortune 100 organizations, advising on issues from Business Continuity Planning, to Cloud Transformation, to Real-World Cybersecurity. He is currently a Senior Solution Architect with Cymulate Breach and Attack Simulation, helping customers and partners know that their security controls are defending the organization, without speculation.

  • Gurinder Bhatti
    Principal Global Security Strategist, Okta

    Gurinder Bhatti is a Principal Global Security Strategist for Okta's pre-sales field teams. In his current role, he works with both customers and prospects in helping them understand the value proposition of Identity as a security strategy. Prior to Okta, Gurinder was an AVP of Cyber Security engineering at Moody’s and implemented numerous security solutions, including O365, Okta, Splunk, and enterprise-wide device encryption. He has over two decades of experience in the cybersecurity practice having worked in FinTech and FinServ industries for organizations such as the New York Stock Exchange, Moody’s, and IHS Markit.

  • Denis Calderone
    Managing Director, Digital Investigations & Discovery, J.S. Held

    Denis Calderone joined J.S. Held in October 2022 following J.S. Held's acquisition of TBG Security.

    Denis has worked in the information technology field for more than 20 years with the last 18 being completely dedicated to information security. He holds multiple security certifications and prides himself on viewing information security in a holistic light.

    Denis’ key technical expertise is in network and application penetration testing, but he mostly plays a CISO/CSO on-demand role these days for numerous consulting customers. He does not believe that the security challenges businesses face today can simply be met by installing point solutions or checking off regulatory audit check sheets. Each client faces unique problems and threats. An understanding of the industry threat profile, corporate culture, and risk tolerance must always be considered when addressing corporate security needs.

    As partner, Denis led the technical consulting arm of TBG Security and performed the role of CSO. Prior to TBG Security, Denis worked for Exodus Communications as part of their Northeast Security Practice, and for Lycos as their information security engineer.

  • Adam Rosen
    VP, Product Strategy, Netwrix

    Adam Rosen serves as Vice President of Product Strategy at Netwrix. An expert on managing and securing data, Adam has helped organizations of all sizes implement controls and policies to meet security, compliance, and efficiency objectives. In his current capacity, he manages Netwrix’s portfolio of data security and data privacy technologies depended on by enterprises around the world to protect their most critical information.

  • Roy Wattanasin, Moderator
    Healthcare Information Security Officer, Healthcare Organization

    Roy Wattanasin is currently a healthcare information security professional. Additionally, Roy is an avid speaker who has spoken at many conferences and webinars. Roy also enjoys data forensics & incident response and building security in. He is heavily involved with many computer security groups including OWASP Boston, ISSA and the local communities. Roy is also a member of multiple advisory groups. He was an adjunct instructor at Brandeis University as part of the Health and Medical Informatics and is also the co-founder of that program. He is credited for bringing back the Security BSides Boston conference (setting the standards) and enjoys seeing it grow each year and being successful with its new team members.

  • David Richardson
    VP, Product Management, Lookout

    David Richardson has been building software to help individuals and enterprises secure mobile devices for over a decade. David currently oversees product management at Lookout. He has 45 patents issued related to mobile security. He is a frequent speaker at security conferences on the topic of iOS and Android security.

  • Terry Olaes, Moderator
    Director, North America Systems Engineering, Skybox Security

    Terry Olaes is director of North America systems engineering at Skybox Security. With more than 20 years of experience in IT, his expertise includes IT/OT convergence, audit and compliance, data breaches, and incident management. Working on the ground floor at a manufacturing plant, serving as a systems engineer, and managing large security teams have provided Terry with a unique perspective on fortifying IT/OT security posture. Terry specializes in helping organizations devise the right cybersecurity strategies to help manage vulnerabilities and mitigate risks across IT, OT, and hybrid cloud environments. Previously, he has served in security management roles at Neiman Marcus and IBM. Terry has a BA in Business Administration and Management from the University of Phoenix.

  • Brian McGowan, CISM
    VP, Global Security & Privacy, SharkNinja

    Brian currently leads the cybersecurity and privacy program as Vice President, Global Security & Privacy at SharkNinja, a relentless innovator and global leader in the housewares industry. Previously, he served as head of IT security & compliance at Hasbro, where for seven years he led the maturity of a global cybersecurity program designed to meet the ever-changing cyber risk of a company that evolved from a toy manufacturer to a global entertainment company serving the film, unscripted TV, and online gaming industries. Prior to Hasbro, he served as Director of IT Compliance for Upromise, the Boston-based pioneer of loyalty and 529 college savings programs, where he led development of the company's PCI and SOX compliance programs.

    Brian established himself as a leader in cybersecurity, privacy, and compliance program development. His career path differs from many IT professionals; he started his professional career in technology sales with Cabletron Systems in the mid-90s where he was first exposed to information technology and shifted to a career in IT operations in 2001. He was drawn to the structure of process and controls, which led to a role in IT security & compliance in 2005.

    Brian has a passion for developing teams with a focus on individual team member success and career growth. He attributes relationship and team-building skills developed early in his career as a sales professional as keys to his program development and leadership success.

    Education:
    BS, Management Science, Bridgewater State University
    Executive Leadership Professional Coach Program, AIIR Professional Consulting
    Executive Leadership Certificate, Business Engagement & the Information Security Professional, Tuck School of Business
    Executive Leadership Certificate, Harvard Leadership Management Program

  • Roger Brassard
    Sr. Product Manager – Email Threat Protection, OpenText Cybersecurity

    Roger is a 22-year veteran product manager who specializes in capturing customer and partner concerns, staying abreast of industry trends including regulatory changes, and translating that information into cross-functional development teams to solve the cybersecurity business problems of today and tomorrow. At OpenText Security Solutions, he and his team are focused on quality and efficacy to continuously evolve our Advanced Email Threat Protection and Email Continuity Service solutions, equipping customers and partners with security solutions that are needed in today's continuously evolving threat landscape.

  • Brett Price, CISSP, CISM
    Lead Cybersecurity Consultant, Risk Advisory Services, AccessIT Group

    Brett Price is a Senior Cybersecurity Consultant for the Risk Advisory Services practice at AccessIT Group (AITG). Brett is a knowledgeable cybersecurity consultant with over twenty years of experience and an extensive background in security consulting, network engineering/administration and cybersecurity best practices. Brett’s skills range from analyzing network packet behavior to securing enterprise critical infrastructure with expertise in assessing and consulting on risk management frameworks and standards such as NIST 800-53, NIST CSF, CIS and ISO/IEC 2700X. Brett has experience working with enterprise and mid-market customers across various industry sectors such as healthcare, banking, industrial, retail, pharmaceutical and insurance.

  • Mark Ostrowski
    Head of Engineering, East US, Check Point Software Technologies

    Mark Ostrowski is the Head of Engineering for the East region of US at Check Point Software Technologies. Mark has over 25 years’ experience in IT security and has helped design and support some of the largest security environments in the country. As an evangelist and member of the Office of the CTO at Check Point Software, Mark provides thought leadership for the IT security industry, outlining the current threat landscape and helping organizations understand how they can proactively mitigate and manage risk in our world of digital transformation. Mark actively contributes to national and local media discussing cybersecurity and its effects in business and at home on media outlets such as the Today Show on NBC, Good Morning America on ABC, and the Wall Street Journal.

  • Mike Villavicencio
    Channel Sales Engineer, LogRhythm
  • Christine Nagy, Moderator
    CISO, Advent International
  • Chad Maskill
    Cyber Hero, ThreatLocker

    Chad Maskill has two decades of experience in consultation and client management. In his current role, Chad reaches out to assist businesses in hardening their environment preventing ransomware and malicious attacks. Chad has devoted his career to implementing client driven solutions, working with everyone from Ford Motor Company, Tesla, Infinity Ward, as well as numerous municipalities throughout the U.S. and countless SMBs. Previously, he worked with local government in designing and sourcing emergency apparatus and can still parallel park a Ladder Truck.

  • Mike Semaniuk
    Systems Engineer, Palo Alto Networks

    Michael Semaniuk is a Systems Engineer at Palo Alto Networks. He has been with Palo Alto Networks for 14 years where he was the first SE hired in New England. Michael enjoys solving customer problems and seeing their aha moment.

  • Walter Williams
    CISO, Monotype

    Walter Williams has over 20 years of experience in Information Security. He is the author of "Creating an Information Security Program from Scratch" (2021, CRC Press) and "Security for Service Oriented Architecture" (2014, CRC Press). He was a member of the program committee for MetricCon 8 and Metricon 10. He holds the CISSP and SSCP certifications in good standing.

  • Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Jeannie Warner
    Director, Product Marketing, Exabeam

    Jeannie Warner, CISSP, Director of Product Marketing at Exabeam, is an information security professional with over twenty years in infrastructure operations/security. Jeannie started her career in the trenches working in various Unix helpdesk and network operations centers. She began in Security Operations for IBM MSS and quickly rose through the ranks to technical product and security program manager for a variety of software companies such as Symantec, Fortinet, and NTT (formerly WhiteHat) Security. She served as the Global SOC Manager for Dimension Data, building out their multi-SOC “follow the sun” approach to security. Jeannie was trained in computer forensics and practices. She also plays a lot of ice hockey.

  • Eric Anderson
    Cybersecurity Architect, Instructor, and Evangelist, Atlantic Data Security

    Eric is a 35-year veteran of the technology industry, with the last 25 of those focused on cybersecurity. After having served in just about every technical capacity from coding to customer service, in both pre- and post-sales, he currently spends the majority of his time working with clients to solve their security challenges. Combining creative thinking and a sympathetic understanding of customer issues and motivations, he architects solutions to difficult problems while fostering deeper comprehension with those he works with and teaches.

  • Happy Hour
  • Bill Bowman
    CISO & Data Privacy Officer, Emburse

    Bill Bowman has been the first CISO at five different organizations over the last 20 years. He has been in Educational Technology, Financial Technology, and B2B Growth companies. He was the founding President for the (ISC)² Eastern Massachusetts organization 10 years ago. Bill lives in Framingham with his wife and five children.

    As CISO, Mr. Bowman is responsible for managing the global responsibilities associated with Information Security, Physical Security, Privacy, Disaster Recovery, Business Continuity, Incident Response, and Insurance. Mr. Bowman has successfully implemented PCI-DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 27017, and ISO 27018. Specialties: Executive Core Qualifications: Leading Change, Leading People, Results Driven (Metrics), Risk-based decision making, Business/Industry Acumen, Building Coalitions, Management development, Talent development. Technical Qualifications: Information Security, IT & business risk, IT governance & compliance (SOX 404), Regulatory compliance (GDPR), DR/BC, Mobility, Networking, Cloud security, Cloud privacy, Application vulnerability management, and other technical and non-technical related items.

  • Mark P. Scichilone
    Network Intrusion Forensic Analyst, U.S. Secret Service & New England Cyber Fraud Task Force

    Mark Scichilone is currently a Network Intrusion Forensic Analyst (NIFA) for the United States Secret Service-Boston Field Office, serving the New England region. With over 14 years of experience in computer forensics, Mark previously worked for eight years at the U.S. Postal Inspection Service - Boston Division - Digital Evidence unit as a Senior Forensic Computer Analyst and briefly as a Laboratory Unit Manager. Before that, Mark spent five years as a Digital Forensic Analyst with the Massachusetts Attorney General's Office - Cyber Crime Division - Digital Forensic Unit. He has testified as an expert witness for computer forensic examinations on multiple occasions in both state and US Federal Courts and has received awards from the U.S. Attorney’s Office for the District of Massachusetts in recognition of his contributions to the Law Enforcement Public Service Awards Ceremony.

    Mark is a member and the membership chairperson for the Scientific Working Group for Digital Evidence (SWGDE) and is also a member of the International Association of Computer Investigative Specialists (IACIS). He holds certification as a Certified Forensic Computer Examiner (CFCE) as well as other digital forensic certifications.

  • Garrett FitzGerald
    Cyber Special Agent, Boston Field Office, United States Secret Service

    Garrett FitzGerald is a Cyber Special Agent for the United States Secret Service Boston Field office serving the New England region, with over eight years of experience in investigating cyber and financial fraud.

  • Sean Scranton
    Consultant, Cyber Risk Solutions Team, WTW

    Cyber Liability National Practice Leader (current). IT Security / IT Auditor at RLI for eight years. Network / security consulting / auditor for financial institutions, government for nine years. Network / firewall administrator in healthcare for seven years. Designations: CPCU, RPLU+, CISSP, CISM, CISA, CRISC, CSXF, MBA.

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Michael L. Woodson
    CISO, Sonesta Hotels

    Michael Woodson is Sonesta’s Director of Information Security and Privacy and was formerly the Chief Information Security Officer (CISO) for the Massachusetts Bay Transit Authority, the public agency responsible for operating most of the transportation services in Greater Boston, Massachusetts. He was responsible for the MBTA’s total information security needs and the development and delivery of their comprehensive information security strategy to optimize the security posture of the organization.

    Mr. Woodson is an IT information security professional with over 25 years of experience and has a deep understanding of operational and information technology processes and the implementation of cost-effective controls and security safeguards to monitor and mitigate risks.

    He was previously a Principal at Infosys Limited in the Enterprise Application, Cloud, Infrastructure, and Security Services practice, a Senior Vice President at Taino Consulting Groups Cyber Security Advisory Practice, Information System Security and VP/Cyber Risk Director for State Street Corporation, Director of Cyber and Network Security for Santander Bank, and Head of Forensic Information Security Services North America for Tata Consultancy Services, and held other positions in information and cybersecurity, including 12 years of law enforcement experience obtained directly from the Boston Police Department as an IT specialist/Police Officer.

    Mr. Woodson has an extensive background in Network and Information Security, Data Privacy, Fraud Management, Technical Investigations, Regulatory Compliance and Policy Development, Litigation Preparedness, Enterprise Governance, Risk Management, Computer Forensics, Law Enforcement Technologies, and Application Security Threats and Countermeasures.

    He is an Adjunct Professor at Cambridge College and Northeastern University and has served as a lecturer at Endicott College and as a visiting Adjunct Professor at Stimik Perbanas in Jakarta, Indonesia.

    He is Certified in Information Security Management (CISM), Certified Chief Information Security Officer (C|CISO), and Certified Data Privacy Solution Engineer (CDPSE). He received his Bachelor of Science degree from the University of Massachusetts, and several master’s degrees from Boston University and Utica College of Syracuse University.

  • Dmitriy Sokolovskiy
    Sr. Vice President, Information Security, Semrush

    Dmitriy is currently a Senior Vice President, Information Security at SEMrush. From 1999 to 2007 Dmitriy had first-hand experience with servers, networks and datacenters, and NOCs and SOCs as he worked and consulted for defense contractors, public and private financial and medical companies, and non-profits. Between 2007 and 2018, Dmitriy spent 11 years at CyberArk software, helping them go public as he was building and managing a cyber-security professional services team, personally participating in incident response and remediation for some of the largest breaches in US history, and then serving as a Cloud Security Architect for SaaS products utilizing CSA CCM and CIS CSC. In 2018, and until summer of 2023, Dmitriy helped Avid Technology, a pioneer and a leader in the movie and music industry since 1987, to establish its information security and product security functions.

    Dmitriy holds Boardroom Qualified Technical Expert (QTE) certification from the Digital Directors Network (DDN), serves on Advisory Boards for multiple information security start-ups, such as Oort (acquired by Cisco), The Cybernest, Exium, and SaaSLicense (acquired by IBM), and advises venture capital and private equity firms. He is a member of the GIAC Advisory Board, holds the GISF, GCED and CISSP certifications, and served as a SANS Mentor for all three.

  • Ryan Spelman
    Managing Director, Cyber Risk Consulting, K Logix

    Ryan Spelman is K logix's Managing Director of Cyber Risk Consulting. He focuses on helping organizations of all sizes navigate complex cyber risks and guiding them on their cyber security journey. Ryan has over fifteen years of experience in homeland security and cyber security. Ryan joined the firm from Kroll, where he was a Senior Vice President on the North American Proactive Cyber Risk Team. Ryan helped that team expand business relationships, develop new practice areas, and ensure the alignment of services that met the needs of demanding global enterprises. Before joining the North American Proactive Cyber Risk team, Ryan was one of the key members at Kroll behind KrollClarity. This ground-breaking software solution helps organizations understand and manage their exposure to supply chain cyber risk through a fully transparent scoring system. Before Kroll, Ryan was a Senior Director at the Center for Internet Security (CIS) and led strategic business partnerships and private sector-focused consulting engagements. Prior to CIS, Ryan was the Director of the New York State Senate Committee on Veterans', Homeland Security and Military Affairs. In this role, Ryan established the Homeland Security Business Roundtable and represented the State Senate in establishing the New York State Division of Homeland Security and Emergency Services (DHSES). After voluntary positions in federal and local government, he began his professional security career working on the Weapons of Mass Destruction Task Force for the New York State Office of Homeland Security.

  • Col. Candice E. Frost
    JIOC Commander, United States Cyber Command

    Candice E. Frost is the Joint Intelligence Operations Center Commander at the United States Cyber Command. As the commander, Colonel Frost leads over 200 employees from the Defense Intelligence Agency (DIA), National Security Agency, and Department of Defense, to provide and produce intelligence required to direct, operate, and secure Department of Defense networks, systems, and data; deter or defeat strategic threats to U.S. interests and infrastructure; and support achievement of Joint Force Commanders' objectives.

    Before serving in her current role, Colonel Frost was the Director of Foreign Intelligence with the Headquarters of the Army Staff, G-2. She was responsible for daily briefings of the future strategic environment to the Secretary of the Army, Chief of Staff of the Army, Vice Chief of Staff of the Army, and the Army G2.

    Colonel Frost’s commitment to national security includes three decades of public service. Her career in intelligence and cyber includes operational tours of duty in the Balkans, multiple deployments to Afghanistan, and currently, her work at Fort Meade. Candice was instrumental in the integration of women into combat arms and served close to half of her career in infantry divisions. Colonel Frost is an adjunct professor at Georgetown University teaching master's students in the Security Studies Program. She has spoken and instructed at colleges and universities to include Harvard, MIT, Columbia, Universities of Arizona, Florida, and Illinois. She also briefed the National Intelligence Council and spoke at conferences like RSA and the Billington Summit about technology and national security.

    A graduate of the United States Military Academy at West Point, Colonel Frost holds master's degrees from Central Michigan University and the United States Army School of Advanced Military Studies. Her awards and decorations include the Bronze Star, Legion of Merit, and Combat Action Badge. She is also the recipient of the Billington Cybersecurity Workforce Development Award, Business Council for Peace Lifetime Mentorship Award, and the Lifetime Achievement Award in Muscatine, Iowa.

    She is a member of the Executive Advisory Council for AFCEA DC. COL Frost is the past recipient of numerous fellowships, including Seminar XXI at the Massachusetts Institute of Technology, the Army War College Fellowship with the Central Intelligence Agency, and the Foundation for Defense of Democracies Fellowship. Colonel Frost pivots in 2023 from the United States Army after more than twenty-five years of service.

  • Esmond Kane
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • Daniel J.W. King
    Chief of Cybersecurity, CISA Region 1 (New England)

    Daniel J. W. King is the Region 1 Chief of Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security. Region 1 is headquartered in Boston and Mr. King oversees CISA cybersecurity services and support via Cybersecurity Advisors throughout New England. CISA works with partners to defend against today’s digital and physical threats to reduce risk and enable secure and resilient infrastructure into the future.

    Before his time with CISA, Mr. King was Global Lead for IBM Security Command. Mr. King served 30 years on active duty with the U.S. Army, retiring as a Colonel (O6). His service included Desert Shield/Storm, Joint Endeavor, Iraqi and Enduring Freedom and many other international contingency operations. He was assigned duties at NATO/SHAPE, U.S. CENTCOM, U.S. INDO-PACOM, and U.S. CYBERCOM.

    Mr. King holds a bachelor’s degree from the University of Denver and master’s degrees from the University of Southern California, U.S. Army War College, and the University of Maryland. Mr. King is a Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP) and holds additional industry certifications for penetration testing, incident response, and security leadership.

  • Sanara Marsh
    Security Evangelist, Randori, an IBM Company

    Director of Product Marketing for Randori and Security Evangelist, Sanara Marsh focuses on trends in cybersecurity and looks to apply methods to operationalize security programs. Working with a range of organizations to improve their security programs, Sanara has experience in endpoint as well as the exposure management space.

  • Kathleen Moriarty
    CTO, Center for Internet Security

    Kathleen Moriarty, Chief Technology Officer, Center for Internet Security, has over two decades of experience. Formerly the Security Innovations Principal in the Dell Technologies Office of the CTO, Kathleen worked on ecosystems, standards, and strategy. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honor of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018. She was named in CyberSecurity Ventures' Top 100 Women Fighting Cybercrime. She is a 2020 Tropaia Award Winner, Outstanding Faculty, Georgetown SCS.

    Kathleen achieved over 20 years of experience driving positive outcomes across Information Technology Leadership, IT Strategy and Vision, Information Security, Risk Management, Incident Handling, Project Management, Large Teams, Process Improvement, and Operations Management in multiple roles with MIT Lincoln Laboratory, Hudson Williams, FactSet Research Systems, and PSINet.

    Kathleen holds a Master of Science Degree in Computer Science from Rensselaer Polytechnic Institute, as well as a Bachelor of Science Degree in Mathematics from Siena College. Published work: "Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain," July 2020.

  • Anna Belak
    Director, Office of Cybersecurity Strategy, Sysdig

    Anna has 10 years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of Thought Leadership at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey.

    Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.

  • Paul Marchione
    Sr. Sales Engineer, Thales

    Paul Marchione is part of the Thales Cloud Protection and Licensing division. Paul is currently a Senior Sales Engineer with Thales, focusing on products that protect customers' data at rest and data in motion for both on-premises and cloud-based deployments. Having received a Computer Science Engineering degree from Northeastern University, Paul has held many positions within both R&D and technical sales, primarily in the networking, telecom, and enterprise sectors.

  • Patrick Haley
    Principal Solutions Engineer, Lacework

    Pat is a Principal Solutions Engineer for Lacework and has been with the company for 3.5 years. He spent the previous ~10 years working for Boston-based cybersecurity companies in similar roles, and prior to that focused on implementation and consulting work for data automation workflows. Having been in security for the past 10 years and seeing the power of data and automation throughout his career, Pat is excited to be with Lacework and helping his customers solve the variety of complex problems that come with securing public cloud environments.

  • Jon Fredrickson, Moderator
    VP, CISO, Blue Cross & Blue Shield of Rhode Island

    Jon Fredrickson is Vice President & Chief Information Security Officer for Surgery Partners. Prior to Surgery Partners, Jon has held various leadership & CISO positions across healthcare in both the provider and payor markets. Jon has developed a pragmatic approach to implementing cyber security solutions and assisting his organizations in properly measuring and managing cyber risk. He graduated from the University of Rhode Island with a B.A. in Economics. Jon is a member of the Association for Executives in Healthcare Information Security, the Healthcare Sector Coordinating Council (HSCC) and is a Certified Information Security Manager.

  • John Fahey
    Cybersecurity Specialist, Infoblox

    John Fahey is a technical consultant with over 25 years of experience in infrastructure and security solutions. John’s career spans healthcare, telecommunications, and software manufacturers such as EMC, Intel Security, McAfee and Splunk prior to his current role as Product Security Specialist with Infoblox’s BloxOne Threat Defense solution. John has spent the last decade focused on helping to improve the lives of security analysts and security operations teams using software solutions, data analytics and automation. Today, John focuses on DNS as the real perimeter of security and on helping to improve security posture by automating DNS data for visibility, threat detection and as a mitigating control.

  • Shawn E. Tuma
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • David Barker
    Director of Application Security, GoodLeap LLC

    David Barker is Director of Application Security for GoodLeap LLC, a Fintech company providing a point-of-sale platform for sustainable home solutions. GoodLeap marks David’s fourth creation of a Code-to-Cloud Application Security program. His pedigree includes companies like Dell EMC, Stanley Black & Decker, and PTC. David has both an MBA and an MS in IT and wields his combination of business and technical acumen with repeated success.

  • Scott Margolis
    CISO, Massachusetts Bay Transportation Authority (MBTA)

    Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.

  • Katherine Chipdey
    Director, Solutions Engineering and Alliances, Automox

    Katherine Chipdey has spent her career in Cybersecurity, consulting on how to simplify our understanding of the threat landscape and building programs for thousands of customers around EDR, SOAR, and MDR. At Automox, she helped build out the Solutions Engineer Team, where she focused on automating IT operations, reducing risk, and bridging that gap between security and IT for prospects and customers alike. Katherine now manages the technical channel relationships, enabling other IT and Security experts on how to use Automox in order to help their customers meet business needs and critical security goals like never before. Katherine has most enjoyed the opportunity to use her background and experiences in the field to meet security/IT teams and enable them to be as successful as possible with their initiatives. Where a relationship can be made, she will try, as those meaningful interactions and the growth, learning, and connection they bring are invaluable to her. Outside of work, she could spend forever talking about her travels, archery, and pups.

  • Jason Albuquerque
    Chief Operating Officer, Envision

    With more than 20 years of experience in the technology field, Jason has served in numerous leadership roles in his career, leading to the Chief Operating Officer position with Envision.

    Jason takes pride in leading the charge, and in building a culture that is innovative and secure by design for the business and its clients. He brings the strategic insight, industry knowledge, and agility that today’s industry requires to effectively respond to the rapidly changing technology, threat, risk, and business landscapes.

    He has been the recipient of several prestigious recognitions and awards in technology and leadership, including being named a “2021 Top Cybersecurity Leader” by Security Magazine partnered with (ISC), Rhode Island’s 40 under Forty Award, and Rhode Island’s Tech 10 Award. He is also a seven-time National Public Technology Institute Solutions Award winner.

    Jason currently co-hosts the Business Security Weekly podcast and serves on Congressman Langevin’s (Congressional Cybersecurity Caucus co-chair) Cybersecurity Advisory Committee. He also serves on the Tech Collective Board of Directors and the Rhode Island Joint Cyber Task Force.

  • Donald Borsay, Moderator
    Director of Security Solutions, HCH Enterprises
  • Jeanette Sherman
    Director of Product, Mend

    Jeanette Sherman has spent her cybersecurity career working to understand and relieve the struggles of security leaders as they work to secure open source. After a youth spent befriending famous hackers, Jeanette has developed a perspective on cybersecurity that takes into account not only today's business needs, but also the thought patterns of real threat actors.

  • Brian Cayer
    CISO, Keck Medicine of USC
  • Roy Wattanasin
    Healthcare Information Security Officer, Healthcare Organization

    Roy Wattanasin is a healthcare information security professional. He is an avid speaker providing thought leadership at many conferences and webinars. Roy enjoys incident response and building security programs. He is involved with many computer security groups including the Boston Application Security Conference (BASC), OWASP Boston and other local associations. Roy is a member of multiple advisory groups, including SecureWorld Boston. He was previously an adjunct instructor at Brandeis University as part of the Health and Medical Informatics program. He is the co-founder of the decade-old program.

  • Michael Leland
    Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne

    Michael joined SentinelOne in May 2020 as Head of Technical Marketing where he brings over 25 years of security domain expertise. He is responsible for messaging and strategic development of the XDR product roadmap. Prior to SentinelOne, he held the title of Chief Technical Strategist for McAfee. Michael served formerly as the CTO at NitroSecurity where he was responsible for developing and implementing NitroSecurity's overall SIEM technology vision and roadmap. Michael has held senior technical management positions at Eziaz, Cabletron and Avaya. At Avaya, a global telecommunications equipment and services vendor, he served as CTO where he led the company in its strategic efforts for converged data/voice development initiatives.

  • Greg McCarthy
    CISO, City of Boston

    Greg McCarthy is the first Chief Information Security Officer for the City of Boston and a career public servant. Since joining the City of Boston’s Cybersecurity Team in 2010, Greg has managed the implementation of numerous information security solutions, developed the City's first cybersecurity awareness program for employees and successfully enforced the use of multi-factor authentication for all employees. In his role, Greg continues to lead efforts to strengthen the cybersecurity capabilities across the City and further the team’s mission through modernizing technology, partnerships, and regular training. Greg is a cybersecurity leader and change agent who is focused on strengthening cybersecurity for the City of Boston and all municipal governments through partnership and collaboration.

  • Benjamin Corman
    Director, Information Security & IT Governance, Digital Federal Credit Union

    Ben has had a lifelong love of all things technical and has been an IT and Security professional for over 15 years. For the last 12 years he has been in the credit union industry and has been involved in an array of different projects and solutions, from core platform, networking, and system operations to working on custom-developed applications and with startups and Fintechs. He has been a presenter at CUNA Technology Council and CUIntersect. Most recently, Ben has been involved in security evolution, as it extends beyond the traditional boundaries and into the wider world.

  • Esmond Kane
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • David Dumas, Moderator
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow. David is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • Erin Joe
    Sr. Executive Service, Office of Private Sector (Retired), FBI

    Erin Joe, Office of the CISO, Google Cloud, formerly SVP, Strategy and Alliances at Mandiant, draws from her 25-year career serving as a transformational leader guiding organizational change as well as an Executive Leadership Coach developing other leaders. Erin is responsible for supporting the cyber industry, clients, and partners as a thought leader with insights into threats, strategies to protect, approaches to change, preparing for crisis, and improving business resilience. Prior to Mandiant, Erin was a top-ranking FBI executive driving federal cyber response strategies and operations in partnership with the private sector. This includes co-authoring the FBI's first integrated strategy for Cyber, Counterterrorism, and Counterintelligence as well as implementing cyber operations executed in collaboration with Intelligence and Law Enforcement Communities, allied nations, and private industry. Erin was an FBI Special Agent and leader in four FBI Field Offices and five divisions at FBI Headquarters. Her career highlights include large scale crisis management along with trial and investigative work related to the Oklahoma City Bombing, 9/11, terrorist attacks against US Embassies, nation state cyber attacks against US critical infrastructure, and threats to US elections. During her six years in the FBI’s Senior Executive Service, Erin improved intelligence sharing, threat preparedness, and operational collaboration with Fortune 500 company C-suite executives, and U.S. and foreign government counterparts. As Director of the Cyber Threat Intelligence Integration Center, Erin delivered the current threat picture across government, chaired the board of the seven federal cyber centers, and assessed risk for international operations. 
    Erin holds cyber security certifications and completed Executive Programs at the Naval Postgraduate School, Carnegie Mellon University, Kellogg School of Business, Harvard Business School, Ross School of Business, and the University of Southern California. She is a licensed attorney in Texas, lives with her family in Northern Virginia, and enjoys her advisory board and adjunct professor roles.

  • Deidre Diamond
    Founder and CEO, CyberSN and Secure Diversity

    Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes