Conference Agenda
  • Wednesday, March 22, 2023
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 1
    Executive Director, Information Security & Cyber Protection, Sumitomo Pharma Americas
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data. You can unknowingly download Ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware.

    Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate Ransomware campaigns has declined, but losses from Ransomware attacks have increased significantly, according to complaints received by FBI case information. Although state and local governments have been particularly visible targets for Ransomware attacks, threat actors have also targeted health care organizations, industrial companies, and the transportation sector.

    This course helps organizations design, build, update, and maintain a comprehensive Ransomware Program.

    Course Outline:

    Part 1: Ransomware Overview – The Current Threat Landscape

    • What is ransomware and how does it work?
    • How ransomware attacks have changed—from 2016 to today
    • Today’s ransomware attacks: big game hunting
    • Ransomware attacks against critical infrastructure
    • Ransomware and cyber insurance

    Part 2: Ransomware Attacks and the MITRE ATT&CK Framework  

    • Discuss ransomware attack stages (initial access, lateral movement, privilege escalation…)
    • Review the MITRE ATT&CK Framework (tactics, techniques, procedures)
    • Map ransomware attack stages to the MITRE ATT&CK Framework

    Part 3:  Ransomware Controls Frameworks, Guides, and Best Practices   

    • NIST IR 8374: Cybersecurity Framework Profile for Ransomware Risk Management
    • CISA MS-ISAC Ransomware Guide
    • NIST SP 1800-25: Identifying and Protecting Assets Against Ransomware & Other Destructive Events
    • NIST SP 1800-26: Detecting and Responding to Ransomware & Other Destructive Events
    • NIST SP 1800-11: Recovering from Ransomware & Other Destructive Events

    Part 4:  Building a Ransomware Program Based on the NIST Risk Management   

    • Step 1: Prepare – Essential activities to prepare the organization for a ransomware attack
    • Step 2: Categorize – Architect, design, organize critical systems, information, and security tools
    • Step 3: Select – Choose the ransomware controls (i.e., CISA MS-ISAC Ransomware Guide)
    • Step 4: Implement – Using security tools / sensors to apply ransomware controls to critical assets
    • Step 5: Assess – Determine if controls are in place, operating as intended, producing desired results
    • Step 6: Authorize – Communicate ransomware program / assessment with executive management
    • Step 7: Monitor – Continuously monitor
    7:30 am
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 1
    An Overview of US and Global Privacy Laws
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    This SecureWorld PLUS course will focus on key privacy laws and concepts, and how to implement privacy into your organization. The main components that the course will cover include:

    1. Overview of US and Global Privacy Laws
    2. Building an Effective and Practical Privacy and Security compliance program
    3. Creating a process to respond to data subject rights
    4. Addressing key privacy concepts: data minimization, privacy by design, data protection impact assessments, responding to privacy breaches.

    Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and information security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions that address legal requirements while also allowing a business to innovate and evolve. These changing privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.

    Often, understanding the requirements of the law, and translating those requirements into technological solutions, can be challenging. However, companies that are operationalizing privacy and information security within their organizations are able to address these evolving legal requirements while balancing growth and new opportunities. This workshop will provide an in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate privacy and security within their operations so that the law can work hand-in-hand with the business, and not become a barrier to the business’s growth and evolution.

    The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.

    Session 1 of the course will start with an overview of general privacy and security legal and policy principles, and then will focus on the key laws and regulatory decisions that are pushing the privacy and security legal landscape, including the European Union’s General Data Protection Regulation (“GDPR”), the Federal Trade Commission (“FTC”) rules and regulations, the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and the various U.S. state privacy laws. Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    Table Top Exercise
    Military Cyber Professionals Association
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am

    Session description coming soon.

    8:00 am
    Can You Pass the Cyber Quiz?
    CISO, Cyber Guide LLC
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am

    Session description coming soon.

    8:00 am
    ISSA Chapter Meeting
    Open to all attendees
    Sr. Principal, Security Risk Management, Verizon
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am

    Discussion topic and agenda TBD.

    9:00 am
    [Opening Keynote] Lessons Learned from a Day in Ukraine
    CISO, Afiniti
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Cybersecurity expert and good Samaritan Andrew Smeaton shares his personal and professional story that started from sitting on a beach in Cancun with a cocktail drink in hand to driving into Ukraine to save a colleague and his family from an active war zone. One year later, he will reflect on his lessons learned in crisis management, preparation, and how his career led to a once-in-a-lifetime humanitarian mission.
    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:15 am
    Supply Chain Risks
    CISO, Sonesta Hotels
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    Session description to come.

    10:15 am
    AppSec Nirvana
    Director of Application Security, GoodLeap LLC
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    Session description coming soon.

    10:15 am
    Deriving Insight from Threat Actor Infrastructure
    Sr. Security Engineer, Team Cymru
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    From proactively hunting for unknown attacker infrastructure, to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity, this talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.

    10:15 am
    [Qualys] Cybersecurity Risk Management
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    Session description coming soon.

    11:10 am
    [Panel] There’s a Bad Moon on the Rise – Are You Ready?
    Identifying the Current Threat Landscape
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am

    Like the main character in the 1981 horror movie, An American Werewolf in London, cybercriminals continue to morph into something evil, lurking in the night (and day) to cause harm to people, organizations, and governments. Cue the Creedence Clearwater Revival song, Bad Moon Rising.

    The cybersecurity community is smart and more than capable of thwarting bad actors, fangs and all. They have tools, technologies, partnerships across private and public entities, and solution vendors to help them along the way. Don’t forget about the consultants working hard to stay ahead of those wanting to do harm, as well.

    Hear our panelists’ views on the current threat landscape, solutions they have to offer, and ideas they have for turning a bad moon into a harvest moon.

    11:10 am
    Leveraging Your Organization’s ERM Program to Improve Your Cyber Program
    Information Security Officer, Blue Cross & Blue Shield of Rhode Island
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am

    Cyber Security is a top risk for most, if not all, organizations. This session will discuss how active participation in your organization’s Enterprise Risk Management program can lead to a data-driven approach to track and demonstrate improvement of your cyber program, with the added benefit of opening it up to new audiences within your organization. We will discuss the process that we follow to create and then update our risk metrics on an annual basis and how over time this has led to data that demonstrates program maturity and adaptation to the changing risk landscape. Finally, we will touch on the greater ERM program and how alignment with it can be a win-win for both teams as each program matures.

    11:10 am
    BEC Attacks: The Stealthiest and Most Lucrative Threat
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    12:00 pm
    [Lunch Keynote] That Moment When You Realize There Is Nowhere Left to Hide
    CISO and Senior Director, Boom Supersonic
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater
    We’ve connected everything, everywhere, all the time, so how DO we more efficiently interact with a digital realm that continually measures our pulse in the real world? Let’s talk about some attack vectors that I’ve spent the last few years researching and helping others work on. And then let’s talk about what we CAN do about things. You’ll never look at your lights the same way again.
    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite Only)
    Sponsored by Skybox Security
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm

    Discussion topic and moderator to be announced.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    [Panel] Hitting the Right Note with Your Network Security
    Developing an Incident Response Plan
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    A new attack vector (or two or eight) is identified daily, and who knows what is coming down the pike from those with nefarious intentions. How do cybersecurity professionals keep up and strike the right note in their symphony of defenses? Cybersecurity teams must have solid Incident Response (IR) plans in place to mitigate these attacks.

    Our panel of experts reveals the instruments—tools, technologies, and systems—they have to offer so that cybersecurity band members are all playing the same tune on behalf of their organizations. They’ll identify current threats and solutions for each so public and private entities have an IR plan that balances defense and offense, creating a beautiful song.

    1:15 pm
    Principle-Based Leadership: Consistently Developing and Retaining High-Performing Talent
    VP, Global Security & Privacy, SharkNinja
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm
    Defining and communicating leadership principles enables leaders to achieve results in a dynamic cybersecurity world. Setting expectations for how a team operates creates a baseline for operating performance, defines team values, and holds team members accountable for results. In this session, we will discuss how leaders can define their team principles, deliver results, and retain top performing talent.
    1:15 pm
    [ThreatLocker] The Cybersecurity Paradigm Is Shifting
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Session description coming soon.

    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:30 pm
    Measuring Your Risk Management
    CISO, Monotype
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm

    Regardless of how well you assess risk, it is important to know if the controls you put into place are working as designed. This talk will discuss how to measure the controls used to mitigate risk in a way that informs not only on if the controls are being effective in managing business risk, but also to ensure that they’re not having a negative impact. The creation of visual representations for the effective reporting of metrics will also be discussed. The example metrics used in my presentation are all currently in use in my organization.

    2:30 pm
    Maximizing Cloud Security Posture Management for Enhanced Protection
    Director, Information Security, Farm Credit Financial Partners, Inc.
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm

    Cloud-based environments have become a staple in modern organizations, offering increased flexibility and scalability for business operations. However, as more sensitive data and critical processes are moved to the cloud, ensuring the security and integrity of these assets becomes increasingly important. In this presentation, we will discuss the key considerations and best practices for implementing a comprehensive cloud security posture management strategy. Through a combination of technical controls, governance frameworks, and ongoing monitoring, organizations can maximize their protection against potential threats and vulnerabilities in the cloud. Attendees will leave with a deeper understanding of the tools and techniques available for managing and securing their cloud environments, as well as practical tips for implementing a successful cloud security posture management program.

    2:30 pm
    How to Build an Insider Threat Program
    Director, Product Marketing, Exabeam
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm

    Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.

    Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything changes so quickly. Insider threat initiatives require a new, more focused approach.

    This presentation will explore:

    • The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
    • Four attributes of a successful insider threat program
    • How behavioral analytics baseline “normal” behavior of users and devices—showing risk faster
    • An automated investigation experience that replaces manual routines and effectively guides new insider threat teams
    2:30 pm
    Protecting Your Digital Data
    Cybersecurity Architect, Instructor, and Evangelist, Atlantic Data Security
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm

    Session description coming soon.

    3:15 pm
    Happy Hour
    Sponsored by Atlantic Data Security
    Registration Level:
    • Open Sessions
    3:15 pm - 5:30 pm

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.

    3:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    3:45 pm
    Covering Your Cyber Assets
    Consultant, Cyber Risk Solutions Team, WTW
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm
    The cyber insurance market has gone through dramatic change over the past few years, with rapidly increasing rates and restricting coverages. Join a former CISO and cyber underwriter to discuss the current cyber market environment, where it may be going, and what you can do to improve your own coverages and pricing.
    3:45 pm
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 2
    Executive Director, Information Security & Cyber Protection, Sumitomo Pharma Americas
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    Part 2: Ransomware Attacks and the MITRE ATT&CK Framework  

    • Discuss ransomware attack stages (initial access, lateral movement, privilege escalation…)
    • Review the MITRE ATT&CK Framework (tactics, techniques, procedures)
    • Map ransomware attack stages to the MITRE ATT&CK Framework
    3:45 pm
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 2
    Building an Effective and Practical Data Privacy and Information Security Program
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    Session 2 will focus on the key components of an effective and practical data privacy and information security compliance program. This session will include an overview of key compliance documentation, including policies, procedures, and supporting documentation. We will discuss how to build a program that addresses the regulatory and legal requirements, while also balancing your business’ unique infrastructure and organization.

  • Thursday, March 23, 2023
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 3
    Executive Director, Information Security & Cyber Protection, Sumitomo Pharma Americas
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    Part 3:  Ransomware Controls Frameworks, Guides, and Best Practices   

    • NIST IR 8374: Cybersecurity Framework Profile for Ransomware Risk Management
    • CISA MS-ISAC Ransomware Guide
    • NIST SP 1800-25: Identifying and Protecting Assets Against Ransomware & Other Destructive Events
    • NIST SP 1800-26: Detecting and Responding to Ransomware & Other Destructive Events
    • NIST SP 1800-11: Recovering from Ransomware & Other Destructive Events
    7:30 am
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 3
    Operationalizing Your Data Privacy and Information Security Program
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    InfraGard Chapter Meeting
    Open to all attendees
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am

    Discussion topic and agenda TBD.

    8:00 am
    WiCyS Chapter Meeting
    Open to all attendees
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am

    Session description coming soon.

    9:00 am
    [Opening Keynote] Threats to National Security in Cyberspace
    JIOC Commander, United States Cyber Command
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater
    As 2022 was a record-breaking year with the volume of cyberattacks, data breaches, and phishing scams on the rise, there was also an increase in state-sponsored hacktivism cases. In her keynote, Col. Candice Frost covers known hacking groups, their methods, motivations, and relationship to greater geopolitical developments. Col. Frost covers state-affiliated threats, while also touching other adjacent realms of the cyberthreat ecosystem, such as ransomware, DDoS attacks, and stolen information. In addition, she covers critical infrastructure, election security, and the security of local and state governments.
    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:15 am
    Bored with Boards... but Wait!
    CISO, Steward Health Care
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    After repeated wake-up calls, Boards of Directors are under pressure to add cybersecurity skills to their responsibilities and be more accountable for cyber-risk. The SEC have even proposed new rules expected to force public companies to add skilled cybersecurity members to their boards, a tactic that worked 20 years ago for financial expertise. But can it work again?

    Board membership is not an arena typically open to CISOs; we’ve spent decades struggling to translate and communicate the risks behind digital transformation to the board – what does it mean if a CISO is also one of the Board members?

    • What you should know around board oversight – not all boards are created equal!
    • What organizations may look for in board members with a security background
    • What you can do to prepare now
    10:15 am
    Recalibrating Resiliency to Address Disruption at Scale
    Chief of Cybersecurity, CISA Region 1 (New England)
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    Risk, either positive or negative, is inherent to all business operations. As our operating environments interact, they evolve and become more complex, interdependent, and fragile. Threats proliferate, risk becomes ambiguous, and disruptions ripple outwards. This is the essence of the conditions we are experiencing today, and dynamic risk compounds due to the confluence of dependencies.

    CISA was formed to understand, assess, and reduce risk to cyber and physical infrastructure, yet we increasingly see that organizations are unprepared to manage dynamic risk at scale. If dynamic risk, threats, and disruptions are now the norm, what approaches are needed to recalibrate readiness and resiliency?

    10:15 am
    [Randori] Attack Surface Management
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    Session description coming soon.

    11:10 am
    [Panel] Lucy in the Cloud with Diamonds
    Securing Your Cloud Environment
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am

    Can you “imagine” if The Beatles, when first starting out, had to deal with having their catalog of music hacked, stolen, and held for ransom simply because it was in an unsecure cloud setting? While it is possible for that to happen with their hit-laden collection of songs today, it’s merely a tiny example of how businesses operate at a minimum in a hybrid cloud environment—many in a cloud-only platform.

    With that comes security issues and another major area which cybersecurity professionals must work diligently to protect.

    Our panel of experts share the good, the bad, and the ugly of operating in a cloud environment, what it takes to make the move to hybrid or multi-cloud successful, how to protect data from insider and outsider threats, and what it takes to provide the support DevOps teams need.

    11:10 am
    Transforming Information Security for Businesses of All Sizes
    CTO, Center for Internet Security
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am

    In order to combat cyber threats for organizations of all sizes and the supply chain, how information security is delivered and managed requires transformation. The burden of securing systems and networks has long been placed on the end organization, resulting in a distributed management requirement that does not scale. Requirements placed on the end organization exacerbate the burden, whereas “shift left,” setting requirements on the vendor, can alleviate it. Industry has a unique opportunity to aid a positive transformation to better scale security for solutions, with an aim towards improving the overall security posture and reducing the security professional deficit. Innovation to deploy security following scalable architectural patterns for security management is paramount.

    12:00 pm
    [Lunch Keynote] Cybersecurity Really Is a Team Sport
    Co-Chair of the Data Privacy & Cybersecurity Practice, Spencer Fane LLP
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    Why strategic leadership and an understanding of roles, personalities, and psychology is important for building and managing effective cybersecurity teams.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm

    Advisory Council – VIP / INVITE ONLY

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    [Panel] Hitting the Right Note with Your Network Security
    Developing an Incident Response Plan
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    A new attack vector (or two or eight) is identified daily, and who knows what is coming down the pike from those with nefarious intentions. How do cybersecurity professionals keep up and strike the right note in their symphony of defenses? Cybersecurity teams must have solid Incident Response (IR) plans in place to mitigate these attacks.

    Our panel of experts reveals the instruments—tools, technologies, and systems—they have to offer so that cybersecurity band members are all playing the same tune on behalf of their organizations. They’ll identify current threats and solutions for each so public and private entities have an IR plan that balances defense and offense, creating a beautiful song.

    1:15 pm
    How to Win the InfoSec Budget Game
    CISO, Emburse
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm

    If you are approved for the spend, does this mean we will not get breached? How do you get the board’s ear, the executive team’s blessing, and the funding for your program? Join Bill, who will walk you through an approach that might just deliver your best budget yet.

    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:30 pm
    Build Better Controls Around Third-Party Risk
    CISO, Tufts Medicine
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm

    Session description coming soon.

    2:30 pm
    Debunking Common Myths About XDR
    Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm

    There has been a tremendous buzz across the cybersecurity community about the emerging technology known as XDR (eXtended Detection & Response). Unfortunately for the practitioner, there has yet to be a single definition widely accepted by both analysts and vendors purporting to be knowledgeable on the subject. What is XDR and why should I consider the technology in my enterprise security stack? What should I expect from vendors who claim to have built the perfect mousetrap? What is reality, and what is just hype? This session will walk through some generally accepted value statements associated with XDR, while attempting to debunk a few common myths that continue to muddy the water for security teams.

    3:15 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    [Executive Panel] Making the Cybersecurity Music
    CISO, City of Boston
    Director, Information Security & IT Governance, Digital Federal Credit Union
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm

    Session description coming soon.

    3:45 pm
    (ISC)2 Chapter Meeting
    Open to All Attendees
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm

    Join (ISC)2 for a meet and greet. This session is intended for members and non-members.

    3:45 pm
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework: Part 4
    Executive Director, Information Security & Cyber Protection, Sumitomo Pharma Americas
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    Part 4: Building a Ransomware Program Based on the NIST Risk Management

    • Step 1: Prepare – Essential activities to prepare the organization for a ransomware attack
    • Step 2: Categorize – Architect, design, organize critical systems, information, and security tools
    • Step 3: Select – Choose the ransomware controls (i.e., CISA_MS-ISAC Ransomware Guide)
    • Step 4: Implement – Using security tools / sensors to apply ransomware controls to critical assets
    • Step 5: Assess – Determine if controls are in place, operating as intended, producing desired results
    • Step 6: Authorize – Communicate ransomware program / assessment with executive management
    • Step 7: Monitor – Continuously monitor

    3:45 pm
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 4
    Operationalizing Your Data Privacy and Information Security Program
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.

Exhibitors
  • Abine
    Booth: TBD

    For over 10 years, Abine has been the market leader in personal identity management software and services. The company’s flagship solution, DeleteMe, removes publicly available executive and employee personal information from the web to counter cyber threat, social engineering, phishing, doxxing, harassment, robocalls, and spam.

  • Absolute Software Inc.
    Booth: TBD

    Absolute provides endpoint visibility and control to help self-healing endpoint security and always-connected IT asset management to protect devices, data, applications and users — on and off the corporate network.

    Bridging the gap between security and IT operations, only Absolute gives enterprises visibility they can act on to protect every endpoint, remediate vulnerabilities, and ensure compliance in the face of insider and external threats. Absolute’s patented Persistence technology is already embedded in the firmware of PC and mobile devices and trusted by over 12,000 customers worldwide.

    Headquartered in Vancouver, Canada, our regional headquarters are located in Austin, Texas, San Jose, California, Ho Chi Minh City, Vietnam and Reading, England.

  • AccessIT Group
    Booth: TBD

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • APCON
    Booth: TBD

    APCON, an industry leader in network visibility and security solutions, provides an unparalleled level of confidence to enterprise and midsize businesses seeking network insights for enhanced investigation, threat detection and response. Our customers include Fortune 1000 companies to midsize organizations as well as government and defense agencies. Organizations in over 40 countries depend on APCON solutions.

  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • Atlantic Data Security
    Booth: TBD

    Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.

  • Cloudflare
    Booth: TBD

    Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

    Secure your websites, APIs, and Internet applications.
    Protect corporate networks, employees, and devices.
    Write and deploy code that runs on the network edge.

  • CREST
    Booth: n/a

    CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence and Security Operations Centre (SOC) services.

  • Critical Start
    Booth: TBD

    Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.

  • Cymulate
    Booth: TBD

    Cymulate SaaS-based continuous security validation makes it simple to measure and improve your security posture across the full attack kill-chain. Every assessment is scored and includes actionable remediation guidance to mitigate risk and optimize security control effectiveness. Cymulate enables you to take data-driven decisions and manage your security resources efficiently.

  • Envision Technology Advisors
    Booth: TBD

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • Exabeam
    Booth: TBD

    Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.

  • ForgeRock
    Booth: TBD

    ForgeRock® (NYSE: FORG) is a global leader in digital identity that delivers modern and comprehensive identity and access management solutions for consumers, employees, and things to simply and safely access the connected world. Using ForgeRock, more than 1,300 global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data—consumable in any cloud or hybrid environment. The company is headquartered in San Francisco, California, with offices around the world.

    For more information and free downloads, visit www.forgerock.com or follow ForgeRock on social media.

  • Gigamon
    Booth: TBD

    Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.

  • HUB Tech
    Booth: TBD

    HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.

    Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.

  • ISACA New England Chapter
    Booth: TBD

    The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).

    The primary objective of the New England Chapter is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.

  • (ISC)2 Eastern Massachusetts
    Booth: TBD

    Advancing Information Security One Community at a Time
    As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. (ISC)² Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!

  • (ISC)2 Maine Chapter
    Booth: TBD

    The (ISC)2 Maine Chapter is a professional association authorized by (ISC)2, the World’s Leading Cybersecurity Professional Organization, and created by (ISC)2 members and information security professionals living and working in Maine.

    The (ISC)2 Maine Chapter is dedicated to providing education and regular meetings to help information security professionals in Maine. Our chapter benefits from a diverse membership that works in various organizations across important sectors such as healthcare, financial services, national defense, government, service providers, and many more.

  • ISSA New England
    Booth: TBD

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

    Visit the National Headquarters’ website at www.issa.org.

  • JS Held
    Booth: TBD

    J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk. Our professionals serve as trusted advisors to organizations facing high-stakes events demanding urgent attention, staunch integrity, clear-cut analysis, and an understanding of both tangible and intangible assets.

    The firm provides a comprehensive suite of services, products, and data that enable clients to navigate complex, contentious, and often catastrophic situations.

  • K Logix
    Booth: TBD

    K logix is the leading information security company. We provide security consulting, technology solutions, and integration services to enterprise companies. Our experienced team and our established process help enterprise customers make confident security decisions that impact their business goals.

  • Keysight
    Booth: TBD

    Keysight works with innovators to push the boundaries of engineering to design, emulate, test, and deliver breakthrough electronics. Whether you’re looking to improve product experiences, optimize and secure your network, or get a head start on technologies like 5G, 6G, electric or autonomous vehicles, IoT, or quantum, Keysight accelerates innovation with intelligent insights built on the most accurate measurements to reduce risk and speed time-to-market. Forge ahead with confidence knowing your new technologies have been designed and tested for our increasingly connected and dynamic world.

  • Military Cyber Professionals Association (MCPA)
    Booth: TBD

    The Military Cyber Professionals Association is dedicated to developing the American military cyber profession and investing in our nation’s future through STEM education. We are working towards an American military cyber profession that is accomplishing what our nation needs, expects, and deserves. Our goal is to secure cyberspace for military, economic, and private individual pursuits.

  • New England Cyber Fraud Task Force (NECFTF)
    Booth: TBD

    The NECFTF is composed of officials from state and local law enforcement throughout Massachusetts, New Hampshire, Rhode Island, Vermont and Maine and is charged with preventing, detecting and mitigating complex cyber-crime threatening payment systems and critical infrastructure. The five task force officers represent the Concord Police Department, the Grafton County Sheriff’s Office, the Manchester Police Department and the Nashua Police Department.

  • Okta
    Booth: TBD

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • OpenText Cybersecurity
    Booth: TBD

    OpenText is a world leader in Information Management, helping companies securely capture, govern and exchange information on a global scale. OpenText solves digital business challenges for customers, ranging from small and mid-sized businesses to the largest and most complex organizations in the world.

  • Palo Alto Networks
    Booth: TBD

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

  • Qualys, Inc.
    Booth: TBD

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Randori, an IBM Company
    Booth: TBD

    Randori is your trusted adversary. Recognized as a leader in offensive security, Randori combines attack surface management (ASM) and continuous automated red teaming (CART) in a single unified platform to provide a continuous, proactive, and authentic offensive security experience. Relied upon by Meijer, Greenhill Inc, FirstBank, NOV, Lionbridge and many more, Randori helps companies stay one step ahead of attackers by continuously discovering what’s exposed and validating risks as they arise. Discover your true attack surface today at www.Randori.com.

  • Rapid7
    Booth: TBD

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Rubrik
    Booth: TBD

    Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

  • SecurEnds, Inc
    Booth: TBD

    SecurEnds provides companies with a tool to automate user access reviews (UAR) across cloud and on-prem applications to meet SOX, ISO27001, PCI, HIPAA, HITRUST, FFIEC, GDPR, and CCPA audit requirements. Utilizing fuzzy logic to pull data from systems of record (SOR), complementary identity governance and administration (IGA) solutions, and SaaS-based, custom, and legacy downstream applications, SecurEnds provides a complete, end-to-end process for UAR, then automates it out of the box.

  • SentinelOne
    Booth: TBD

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • Skybox Security
    Booth: TBD

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Tanium
    Booth: TBD

    Tanium was founded to deliver a new and innovative approach to endpoint management and security that delivers instant visibility and responsiveness that does not slow down as the enterprise environment scales. Tanium is empowering the largest enterprises in the world to gather critical information globally from every endpoint and drive remediating action in seconds, including the distribution of patches, applications, and tools – all from a single server.

  • Team Cymru
    Booth: TBD

    Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines: digital business risk platforms, free-to-use community services, and support services to over 143 Government CSIRT teams.

    Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.

    Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.

    Since 2005, our reputation remains unchallenged.

  • Tec-Refresh, Inc.
    Booth: TBD

    Tec-Refresh is a full-service IT solutions provider and consulting firm. Delivering solutions across every platform, we partner with the best vendors in the industry using cutting-edge technology and methods to architect, implement and secure your IT infrastructure.

    Tec-Solutions-as-a-Service (TSaaS) include:

    – Consulting & Project Management
    – Cyber Security Solutions
    – Data Center Solutions
    – Storage & Infrastructure Solutions

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • ThreatLocker
    Booth: TBD

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • UpGuard
    Booth: TBD

    UpGuard is the best platform for securing your organization’s sensitive data. Our security ratings engine monitors millions of companies and billions of data points every day.

  • Varonis Systems, Inc.
    Booth: TBD

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • WiCyS New England Affiliate
    Booth: TBD

  • Zimperium
    Booth: TBD

    Zimperium, the global leader in mobile device and application security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebooks threats.

    Powered by our patented z9 engine, Zimperium provides protection against device, network, phishing, and malicious app attacks. Our best-in-class solutions include zIPS, which protects mobile devices against risks and attacks without requiring a connection to the cloud and our Mobile Application Protection Suite (MAPS), the only comprehensive solution that protects mobile apps from risks during development, in the app marketplaces, and on end-user devices.

    Zimperium was the first MTD provider to be granted an Authority to Operate (ATO) status from the Federal Risk and Authorization Management Program (FedRAMP). Headquartered in Dallas, TX, Zimperium is backed by Liberty Strategic Capital and SoftBank.

Keynote Speakers
Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Executive Director, Information Security & Cyber Protection, Sumitomo Pharma Americas

    Larry Wilson is a senior consultant and was formerly the Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Jordan Fischer, Instructor
    Cyber Attorney, Global Leader of Privacy Practice Group, Octillo Law

    Jordan Fischer leads Octillo Law's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Thomas Hart
    CISO, Cyber Guide LLC

    Thomas F Hart - Tom has been in the IT field since 1978 (EDP), starting as a programmer trainee (Assembler and COBOL). The first computer he worked on was an IBM 360 system (PCs were a long way off). He has been a Programmer, Systems Analyst, Operating Systems Programmer, Network Systems Programmer, DR / BCS Specialist, IT Auditor, GRC, Sr. Security Analyst, Contractor/Consultant, and Security Conference Panelist, Moderator, Organizer, and Speaker. Tom has been involved in the InfoSec community via ISC2, ISACA, SANS, HOPE, BSides, SecureWorld, and others. He has worked in the Banking, Defense, Utilities, Gov., and Health Care industries in his career. Most recently he founded the Cyber Guide LLC consulting firm.

  • David Dumas
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow. David is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • Andrew Smeaton
    CISO, Afiniti

    Andrew holds over 22 years of experience in the banking, financial services, and healthcare industries. He is experienced in all facets of IT/IS Security & Risk Management including acquisitions and disaffiliations, and has a track record of developing and implementing security strategies from inception through execution. In addition to his corporate experience, Andrew has also served on the executive boards for international conferences and advised government agencies on information security subjects. Andrew’s regulatory compliance experience includes FSA, PRA, FDIC, ISO 27K, COBIT, HIPAA, PCI-DSS, GLBA, Mass 201 CMR 17.00, SOX 404, SAMA, and NYDFS.

  • Michael L. Woodson
    CISO, Sonesta Hotels
  • David Barker
    Director of Application Security, GoodLeap LLC

    David Barker is Director of Application Security for GoodLeap LLC, a Fintech company providing a point-of-sale platform for sustainable home solutions. GoodLeap marks David’s fourth creation of a Code-to-Cloud Application Security program. His pedigree includes companies like Dell EMC, Stanley Black & Decker, and PTC. David has both an MBA and an MS in IT and wields his combination of business and technical acumen with repeated success.

  • Scott Fisher
    Sr. Security Engineer, Team Cymru
  • Frederick Webster, CISM
    Information Security Officer, Blue Cross & Blue Shield of Rhode Island

    Frederick Webster leads Blue Cross & Blue Shield of Rhode Island’s cybersecurity program as their Information Security Officer. He has over 15 years of experience in the IT and Information Security fields with a background in Security Operations, Business Continuity and Information Assurance. He has experience in Healthcare, Retail Pharmacy, Pharmacy Benefits Management, and MSSP industries. Frederick is a credentialed ISACA CISM with a BS in Management of Information Systems and an MBA.

  • Chris Roberts
    CISO and Senior Director, Boom Supersonic

    Chris is the CISO for Boom Supersonic and works as an advisor for several entities and organizations around the globe. His most recent projects are focused within the aerospace, deception, identity, cryptography, Artificial Intelligence, and services sectors. Over the years, he's founded or worked with several folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration, and communication word across the industry. (Likely while coding his EEG driven digital clone that’s monitoring his tea and biscuit consumption!)

    Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. (Before that, he managed to get various computers confiscated by several European entities.)

    He’s considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s also gotten a name for himself in the transportation arena, basically anything with wings, wheels, tracks, tyres, fins, props or paddles has been the target for research for the last 15 years. (To interesting effect.)

    Chris has led or been involved in information security assessments and engagements for the better part of 25 years and has a wealth of experience with regulations such as GLBA, GDPR, HIPAA, HITECH, FISMA, and NERC/FERC. He has also worked with government, state, and federal authorities on standards such as CMS, ISO, CMMC, and NIST.

    Chris has been credentialed in many of the top IT and information security disciplines and as a CyberSecurity advocate and passionate industry voice, he is regularly featured in national newspapers, television news, industry publications and several documentaries. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever’s taken his fancy… (Cows and camels being two of the more bizarre things, we’ll ignore things in space for now.)

    As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences. CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, and numerous others have covered him in the media.

    And worst case, to jog the memory, Chris was the researcher who gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air, that allowed the exploitation of attacks against the flight control system.

  • Brian McGowan, CISM
    VP, Global Security & Privacy, SharkNinja

    Brian currently leads the cybersecurity and privacy program as Vice President, Global Security & Privacy at SharkNinja, a relentless innovator and global leader in the housewares industry. Previously, he served as head of IT security & compliance at Hasbro, where for seven years he led the maturity of a global cybersecurity program designed to meet the ever-changing cyber risk of a company that evolved from a toy manufacturer to a global entertainment company serving the film, unscripted TV, and online gaming industries. Prior to Hasbro, he served as Director of IT Compliance for Upromise, the Boston-based pioneer of loyalty and 529 college savings programs, where he led development of the company's PCI and SOX compliance programs.

    Brian established himself as a leader in cybersecurity, privacy, and compliance program development. His career path differs from many IT professionals; he started his professional career in technology sales with Cabletron Systems in the mid-90s where he was first exposed to information technology and shifted to a career in IT operations in 2001. He was drawn to the structure of process and controls, which led to a role in IT security & compliance in 2005.

    Brian has a passion for developing teams with a focus on individual team member success and career growth. He attributes relationship and team-building skills developed early in his career as a sales professional as keys to his program development and leadership success.

    Education:
    BS, Management Science, Bridgewater State University
    Executive Leadership Professional Coach Program, AIIR Professional Consulting
    Executive Leadership Certificate, Business Engagement & the Information Security Professional, Tuck School of Business
    Executive Leadership Certificate, Harvard Leadership Management Program

  • Walter Williams
    CISO, Monotype

    Walter Williams has over 20 years of experience in Information Security. He is the author of "Creating an Information Security Program from Scratch" (2021, CRC Press) and "Security for Service Oriented Architecture" (2014, CRC Press). He was a member of the program committee for MetricCon 8 and Metricon 10. He holds the CISSP and SSCP certifications in good standing.

  • Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners, Inc.

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Jeannie Warner
    Director, Product Marketing, Exabeam

    Jeannie Warner, CISSP, Director of Product Marketing at Exabeam, is an information security professional with over twenty years in infrastructure operations/security. Jeannie started her career in the trenches working in various Unix helpdesk and network operations centers. She began in Security Operations for IBM MSS and quickly rose through the ranks to technical product and security program manager for a variety of software companies such as Symantec, Fortinet, and NTT (formerly WhiteHat) Security. She served as the Global SOC Manager for Dimension Data, building out their multi-SOC “follow the sun” approach to security. Jeannie was trained in computer forensics and practices. She also plays a lot of ice hockey.

  • Eric Anderson
    Cybersecurity Architect, Instructor, and Evangelist, Atlantic Data Security

    Eric is a 35-year veteran of the technology industry, with the last 25 of that focused on cybersecurity. After having served in just about every technical capacity from coding to customer service, in both pre- and post-sales, he currently spends the majority of his time working with clients to solve their security challenges. Combining creative thinking and a sympathetic understanding of customer issues and motivations, he architects solutions to difficult problems while fostering deeper comprehension with those he works with and teaches.

  • Sean Scranton
    Consultant, Cyber Risk Solutions Team, WTW

    Cyber Liability National Practice Leader (current).
    IT Security / IT Auditor at RLI for 8 years.
    Network / security consulting / auditor for financial institutions, government for 9 years.
    Network / firewall administrator in healthcare for 7 years.

    Designations - CPCU, RPLU+, CISSP, CISM, CISA, CRISC, CSXF, MBA

  • Col. Candice E. Frost
    JIOC Commander, United States Cyber Command

    Candice E. Frost is the Joint Intelligence Operations Center Commander at the United States Cyber Command. As the commander, Colonel Frost leads over 200 employees from the Defense Intelligence Agency (DIA), National Security Agency, and Department of Defense, to provide and produce intelligence required to direct, operate, and secure Department of Defense networks, systems, and data; deter or defeat strategic threats to U.S. interests and infrastructure; and support achievement of Joint Force Commanders' objectives.

    Before serving in her current role, Colonel Frost was the Director of Foreign Intelligence with the Headquarters of the Army Staff, G-2. She was responsible for daily briefings of the future strategic environment to the Secretary of the Army, Chief of Staff of the Army, Vice Chief of Staff of the Army, and the Army G2.

    Colonel Frost’s commitment to national security includes three decades of public service. Her career in intelligence and cyber includes operational tours of duty in the Balkans, multiple deployments to Afghanistan, and currently, her work at Fort Meade. Candice was instrumental in the integration of women into combat arms and served close to half of her career in infantry divisions. Colonel Frost is an adjunct professor at Georgetown University teaching master's students in the Security Studies Program. She has spoken and instructed at colleges and universities to include Harvard, MIT, Columbia, and the Universities of Arizona, Florida, and Illinois. She also briefed the National Intelligence Council and spoke at conferences like RSA and the Billington Summit about technology and national security.

    A graduate of the United States Military Academy at West Point, Colonel Frost holds master's degrees from Central Michigan University and the United States Army School of Advanced Military Studies. Her awards and decorations include the Bronze Star, Legion of Merit, and Combat Action Badge. She is also the recipient of the Billington Cybersecurity Workforce Development Award, Business Council for Peace Lifetime Mentorship Award, and the Lifetime Achievement Award in Muscatine, Iowa.

    She is a member of the Executive Advisory Council for AFCEA DC. COL Frost is the past recipient of numerous fellowships, including Seminar XXI at the Massachusetts Institute of Technology, the Army War College Fellowship with the Central Intelligence Agency, and the Foundation for Defense of Democracies Fellowship. Colonel Frost pivots in 2023 from the United States Army after more than twenty-five years of service.

  • Esmond Kane
    CISO, Steward Health Care

    Esmond Kane currently serves as Chief Information Security Officer (CISO) at Steward Health Care, an international healthcare delivery organization serving millions of patients annually. In his role at Steward, Esmond helps clinicians and leaders deliver world class care aligned with industry frameworks, regulations and best practices.

    Esmond has over 25 years’ experience leading IT and Security programs in multiple industries. Before joining Steward, he served as Deputy CISO at Partners Healthcare/MassGeneralBrigham and in various roles at Harvard University. In his spare time, Esmond likes to fret about spare time and annoy people who read bios.

  • Daniel J.W. King
    Chief of Cybersecurity, CISA Region 1 (New England)

    Daniel J. W. King is the Region 1 Chief of Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security. Region 1 is headquartered in Boston and Mr. King oversees CISA cybersecurity services and support via Cybersecurity Advisors throughout New England. CISA works with partners to defend against today’s digital and physical threats to reduce risk and enable secure and resilient infrastructure into the future.

    Before his time with CISA, Mr. King was Global Lead for IBM Security Command. Mr. King served 30 years on active duty with the U.S. Army, retiring as a Colonel (O6). His service included Desert Shield/Storm, Joint Endeavor, Iraqi and Enduring Freedom and many other international contingency operations. He was assigned duties at NATO/SHAPE, U.S. CENTCOM, U.S. INDO-PACOM, and U.S. CYBERCOM.

    Mr. King holds a bachelor’s degree from the University of Denver and master’s degrees from the University of Southern California, U.S. Army War College, and the University of Maryland. Mr. King is a Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP) and holds additional industry certifications for penetration testing, incident response, and security leadership.

  • Kathleen Moriarty
    CTO, Center for Internet Security

    Kathleen Moriarty, Chief Technology Officer, Center for Internet Security, has over two decades of experience. Formerly, as the Security Innovations Principal in the Dell Technologies Office of the CTO, Kathleen worked on ecosystems, standards, and strategy. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honor of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018. She was named in CyberSecurity Ventures' Top 100 Women Fighting Cybercrime. She is a 2020 Tropaia Award Winner, Outstanding Faculty, Georgetown SCS.

    Kathleen achieved over 20 years of experience driving positive outcomes across Information Technology Leadership, IT Strategy and Vision, Information Security, Risk Management, Incident Handling, Project Management, Large Teams, Process Improvement, and Operations Management in multiple roles with MIT Lincoln Laboratory, Hudson Williams, FactSet Research Systems, and PSINet.

    Kathleen holds a Master of Science Degree in Computer Science from Rensselaer Polytechnic Institute, as well as a Bachelor of Science Degree in Mathematics from Siena College. Published work: "Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain," July 2020.

  • Shawn E. Tuma
    Co-Chair of the Data Privacy & Cybersecurity Practice, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • Bill Bowman
    CISO, Emburse

    Bill Bowman has been the first CISO at five different organizations over the last 20 years. He has been in Educational Technology, Financial Technology, and B2B Growth companies. He was the founding President for the (ISC)2 Eastern Massachusetts organization 10 years ago. Bill lives in Framingham with his wife and five children.

  • Brian Cayer
    CISO, Tufts Medicine

    Brian Cayer joined Tufts Medicine as CISO in December 2019. During his tenure at Tufts Medicine, Brian assisted with their transformation to bring multiple hospitals and a home healthcare group into one organization. He also acted as the Interim Chief Technology Officer merging into one electronic medical record system (Epic), which included being the first healthcare system to host Epic in AWS. Prior to joining Tufts Medicine, Brian held vice president roles in Security/IT for over 25 years between Stroz Friedberg (an Aon Company) and State Street Bank.

  • Michael Leland
    Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne

    Michael joined SentinelOne in May 2020 as Head of Technical Marketing where he brings over 25 years of security domain expertise. He is responsible for messaging and strategic development of the XDR product roadmap. Prior to SentinelOne, he held the title of Chief Technical Strategist for McAfee. Michael served formerly as the CTO at NitroSecurity where he was responsible for developing and implementing NitroSecurity's overall SIEM technology vision and roadmap. Michael has held senior technical management positions at Eziaz, Cabletron and Avaya. At Avaya, a global telecommunications equipment and services vendor, he served as CTO where he led the company in its strategic efforts for converged data/voice development initiatives.

  • Greg McCarthy
    CISO, City of Boston

    Greg McCarthy is the first Chief Information Security Officer for the City of Boston and a career public servant. Since joining the City of Boston’s Cybersecurity Team in 2010, Greg has managed the implementation of numerous information security solutions, developed the City's first cybersecurity awareness program for employees and successfully enforced the use of multi-factor authentication for all employees. In his role, Greg continues to lead efforts to strengthen the cybersecurity capabilities across the City and further the team’s mission through modernizing technology, partnerships, and regular training. Greg is a cybersecurity leader and change agent who is focused on strengthening cybersecurity for the City of Boston and all municipal governments through partnership and collaboration.

  • Benjamin Corman
    Director, Information Security & IT Governance, Digital Federal Credit Union

    Over 20 years' experience leading fast-paced operations and diverse teams, specializing in Cybersecurity, IT, Cloud, and Telecom, systems and networks. Self-directed and self-motivated with strong communications skills.
