- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, March 13, 20247:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 1Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: 105Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
7:30 am[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: 104Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)Building Your Cybersecurity Community: Connections and Career GrowthRegistration Level:- VIP / Exclusive
8:00 am - 8:45 amLocation / Room: 101Developing meaningful professional relationships and strategically managing your career are vital for success and advancement in the fast-moving cybersecurity ecosystem. Connections are critical in our lives – we cannot do it alone. This closed-door, interactive session provides perspectives and frameworks for expanding your network both internally and across the industry. Come ready to share and hear proven approaches for becoming a trusted advisor to business leaders while raising the profile of your security team. We’ll discuss techniques to foster connections through conferences, media, and writing while aligning activities to your long-term career roadmap. Participants will leave ready to proactively network with purpose, find and become mentors and sponsors, and chart a fulfilling career trajectory in cybersecurity.8:00 amEnabling Business with Security: Establishing Strategic Cyber ProgramsVP, Information Security, PayScale, Inc.Registration Level:- Open Sessions
8:00 am - 8:45 amLocation / Room: 108Too often cybersecurity is viewed as a roadblock to innovation and progress. But leading organizations are shifting to value-added security programs that enable the business. In this session, learn how security leaders can cultivate trust, shape forward-thinking policy, and provide risk-based guidance to fuel competitive advantage. Hear communication strategies to convey cyber priorities in business terms as an enabler, not blocker. Learn how to gain support and buy-in for initiatives that not only strengthen a security program but also support the top and bottom lines. Learn how to leverage the security-to-business connection to ensure proper prioritization, buy-in, and support from internal teams ranging from Engineering to Product to Sales.8:45 amNetworking BreakRegistration Level:- Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] Drag Racing & Cybersecurity: The CrossoverAssociate CISO, St. Luke's University Health NetworkRegistration Level:- Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterYou’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 amBoardroom Boot Camp: From Rookie to Rockstar in Your First Cybersecurity MeetingVP, Global Security & Privacy, SharkNinjaRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: 103Feeling nervous about your first cybersecurity presentation to the board? Don’t sweat it! This session is your secret weapon to transforming from newbie to a confident cybersecurity rockstar.
Get ready to:
- Craft a killer message: Lock-in the theme you want the board to remember and build your personal credibility.
- Establish a program maturity baseline and threat model: Build a compelling narrative that connects today’s risks and the cybersecurity roadmap to real-world impact.
10:15 amBreaking Down Current and Future Security ThreatsResearch Security Officer, Massachusetts Institute of TechnologyRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: 102This session explores current and future information security threats that should be on everyone’s radar. The session offers recommendations and best practices for combatting said threats, based on practical experience. Come with your questions and willingness to share. Walk away with insights to help your organization, including methods for testing security programs and making sure you and your team are armed with the best approaches for providing security due diligence.10:15 amZero Trust Considerations in an AI-Enabled Enterprise: Navigating the Intersection of AI Innovation and CybersecurityChief Technologist, InfobloxRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: 108From A(I) to Z(T), we’re inundated with new terms and technologies. Our enterprises are in a constant state of flux, users searching for better and faster ways to accomplish their goals, and administrators focused on more effective ways to protect their assets. AI has drastically reduced time-to-task, but at what cost? And how has AI better enabled the threat actor? We will discuss these topics as well as how to implement flexible Zero Trust principles that securely support and embrace future tech.
10:15 amWhat is UEM (Unified Endpoint Management), and Why Should I Care?Lead Solutions Architect, SyxsenseRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: 109This session walks through the basics of UEM as outlined by the GigaOm Radar Report and provides insights into why pacesetting operations and security leaders are pivoting away from point products towards unified solutions. Discover emerging UEM features that are already helping security operations teams automate vulnerability remediation and enforce compliance. And, if you or your organization care about Patch Management, Software Deployment, Security Policy Enforcement, Lifecycle Management, Endpoint Monitoring, or Remote Control, learn why it makes sense to adopt a combined solution.
11:00 amNetworking BreakRegistration Level:- Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 amLeverage AI to Develop Your Organization's Security PoliciesSr. Security Engineer, Cape Cod HealthcareRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: 109Artificial Intelligence is being used to create everything including code samples, realistic images and security awareness training messages. Another area AI can be used is for creating corporate security policies. There are ways CISOs and/or security managers can leverage AI to update or create security policies for their organizations. Certain steps should be considered when using AI to create these policies. This session explores leveraging artificial intelligence in creating security policies for your organization.11:10 amHere to Help: Law Enforcement Is a Vital Partner for CISOsSr. Special Agent, U.S. Secret Service – Burlington, VTSr. Special Agent, Boston Field Office, U.S. Secret ServiceNetwork Intrusion Forensic Analyst, U.S. Secret Service – Manchester, NHCISO, Massachusetts Bay Transportation Authority (MBTA)Registration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: 102Cybercrime flourishes in the shadows. But security leaders don’t have to face it alone. This panel discussion demystifies the role of law enforcement and illuminates their collaborative potential as allies in the fight against cyber threats. Takeaways from this session:- Learn firsthand experiences and success stories from CISOS for leveraging law enforcement partnerships.
- Gain insights from law enforcement officials into investigative capabilities, information-sharing protocols, and support available to organizations.
- Understand the legal landscape surrounding collaboration, data privacy considerations, and incident reporting requirements.
This session:
- Explores practical steps for building meaningful partnerships with law enforcement.
- Details moving beyond incident response to discover joint initiatives for threat prevention, public awareness, and legislative advocacy.
- Addresses concerns about data sharing, legal complexities, and establishing trust.
11:10 am[Panel] Unveiling the Threat Landscape and Unmasking Digital VillainsCo-Founder & CPO, VeritiCo-Founder & CTO, Astrix SecurityHead of Global Solutions Architects, Google Threat IntelligenceSr. Sales Engineer, ThalesSr. Cloud Security Strategist, PantherInformation Security Officer, Blue Cross & Blue Shield of Rhode IslandRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: 103In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.
Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.
Our panel provides a comprehensive overview of the current threat landscape.
11:10 amCloud Delivered AI-Powered Threat PreventionHead of Engineering, East US, Check Point Software TechnologiesRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: 108This session will explore how AI-powered and cloud-delivered threat prevention enables cybersecurity professionals to deploy enterprise-grade security across the data center, network, cloud, email, branch office, and remote users with unified management and automated operations. Specific use cases will be reviewed in which AI-powered security engines are implemented to prevent attack vectors by sharing real-time threat intelligence and anomalies.
12:00 pm[Lunch Keynote] Disrupting the Modern Adversary – Implementing Cross-Domain Threat Hunting to Defeat an Evolving ThreatSVP, Counter Adversary Operations, CrowdStrikeRegistration Level:- Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterThe threat has evolved. Adversaries are increasingly cloud-conscious and conducting intrusions with native tooling. Living off the land is firmly the rule, not the exception. Average breakout times have dropped to 62 minutes all while the complexity of IT environments has dramatically increased.
In this keynote, you’ll learn about how CrowdStrike is developing novel tradecraft and capabilities to disrupt and defeat sophisticated criminal and state-sponsored cyber operations.
12:00 pmAdvisory Council Roundtable Lunch (VIP / Invite only)The Eternal Challenges of AppSecChief Architect, InvictiRegistration Level:- VIP / Exclusive
12:00 pm - 12:45 pmLocation / Room: 101Even though the field of application security seems to change by the hour, the same underlying challenges keep cropping up year after year. From increasingly intense and ingenious attacks to internal frictions between development and security teams, each organization needs to find its own ways to deal with problems old and new. In this session, we will chat about the challenges we face daily – and the solutions we have found effective.
Moderated discussion for SecureWorld Advisory Council members. By invite only.
Sponsored by:
12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmSupply Chain Showdown: Taming Third-Party Risk in Today’s HIPAA and NIST WorldVP, CISO, Surgery Partners, Inc.Registration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: 109Third-party risk management is at the forefront of cybersecurity, particularly for the healthcare industry working under HIPAA constraints and the NIST framework. Vendors are there to help but create the extra layer of risk as bad actors target healthcare organizations as other vital industries. This session sheds light on the promise and perils of third-party risk.
Get ready to:
- Understand how HIPAA regulations rein in third-party data and push organizations into compliance.
- Master the NIST Cybersecurity Framework and use it to effectively manage your vendors’ security practices.
- Learn expert techniques for assessing, monitoring, and mitigating third-party risks before they invade your network.
- Discover collaboration strategies for wrangling vendors into a cohesive security ecosystem.
Leave with practical tools and actionable insights to keep your third-party risks under control and your HIPAA compliance on the straight and narrow.
1:15 pmMeasuring the Immeasurable: Business Risk Management and Risk QuantificationVP, Technology and Cybersecurity Audit & Advisory Services, ManulifeSr. Vice President, Information Security, SemrushRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: 102Similarly to meteorologists trying to predict where the next hurricane will land, corporate executives (CEOs, CFOs, etc) are trying to predict their company profits. Instead of barometric pressure, temperature, and wind speed, they have to work with geopolitical turmoil, macroeconomic conditions, and consumer confidence. For weather professionals and executives, uncertainty is the biggest enemy, and any decrease in uncertainty translates into millions of dollars saved. Both groups try to collect as much information as possible, but at the end they still have to estimate. Unlike meteorologists, executives can influence their estimates, both by investing in better information-gathering capabilities and by investing in controls. ISO31000 created a new definition of risk as “the effect of uncertainty on objectives,” so what can we as risk and cybersecurity professionals do to help our executives guess better? Join this session to find out.
1:15 pm[Panel] Securing the Cloud Fortress: Revealing Defense Strategies for the CloudPrincipal Solutions Engineer, LaceworkDirector, Office of Cybersecurity Strategy, SysdigVice President, SavvyGeneral Manager, IT and Developer Solutions, CyberArkSenior Cloud Solutions Architect – Alliances, CrowdstrikeProfessor; Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston CollegeRegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: 103In the ever-expanding digital universe, the cloud has emerged as a powerful tool, enabling organizations to store data, access applications, and operate their businesses with unprecedented agility. However, this vast digital fortress, like any other, is not without its vulnerabilities. Join us as we delve into the realm of cloud security, exploring the hidden defenses employed by cybersecurity superheroes to safeguard the cloud and its inhabitants.
Our panel of cloud security experts shed light on the unique challenges and strategies involved in protecting cloud-based environments. They discuss the shared responsibility model, the role of cloud providers and customers, and the evolving tools and techniques employed to secure the cloud.
Our panel provides a comprehensive overview of cloud security, empowering attendees to understand the hidden defenses of the cloud and strengthen their cloud security posture. Learn how to identify and mitigate cloud-based threats, implement robust access controls, and effectively manage cloud security risks.
1:15 pmMind the Gap: Why Modern Vulnerability Management Demands More than Scan-and-PatchSr. Technical Director, Skybox SecurityRegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: 108Too many vulnerability management programs operate on incomplete or out-of-date scan data. What’s more, this data is rarely if ever correlated to the importance of the asset or its exposure to potential attack across the network.
To have a real impact on lowering your risk of cyberattack, a modern vulnerability management program needs to provide you with an up-to-the-minute view of all the vulnerabilities in the estate, immediate insights into those that matter to your organization, and how to remediate them. All without waiting for the next patch cycle.
In this session, you will learn:
- How the visibility of your assets, networks, business, and security data impacts vulnerability risk.
- What scanners miss in discovery and prioritization, and how to fill in the gaps.
- How to reduce the scan-and-patch lag from weeks to hours.
This session explores how modern vulnerability management helps you to centralize and analyze data from the entire attack surface, prioritize those threats that represent the highest risk to you, and act more quickly to remediate those vulnerabilities most likely to be used in a cyberattack.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pm[Panel] The History of Cyber Insurance and War Exclusions: Who Pays for State-Sponsored Cyber Attacks?Associate Professor, Computer Science; Engineering Director, The Fletcher School at Tufts UniversityMember, Data Privacy & Cybersecurity, Clark Hill LawDirector, Chief Client Officer, FINEX NA Cyber Security & Professional Risk, WTWRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: 103NotPetya was described by the White House as “the most destructive and costly cyber-attack in history.” Five years later, many of the companies hit by the Russian cyber attack are still sorting out who will pay for the damages and, in particular, what portion their insurance will cover. Several insurers have denied NotPetya-related claims on the grounds that the cyber attack was a “warlike action” because it was perpetrated by the Russian government and therefore is excluded from most standard insurance policies. This has led to a series of legal disputes about what constitutes cyberwar and when cyber insurance carriers are obligated to pay for damages linked to state-sponsored attacks. This talk examines these disputes through the lens of the history of cyber insurance, tracing the emergence and continuing growth of the cyber insurance industry and describing how it has evolved in the first 20 of its existence, where it is headed, why online threats have been particularly challenging for many insurers to model, and what role policy-makers can and should play in helping the market stabilize and grow. It considers how carriers and policyholders are responding to the disputes over NotPetya in light of the current war between Russia and Ukraine and the uncertainty around whether insurance coverage would apply to state-sponsored cyber attacks that occurred in the context of a war involving the use of physical force.2:10 pmShifted Left: Moving from a Reactive to Proactive MindsetVP of Engineering, StackHawkRegistration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: 10820 years ago, Jeff Bezos shared an API mandate that required his employees to communicate via APIs. Fast forward to 2024, APIs are the primary way to build the applications we use daily. What’s still lagging, however, is the approach to ensuring these APIs are secure. This talk will lean into the shift-left movement, tracing its history from agile development and DevOps and how moving from a reactive to a proactive mindset is crucial to ensuring your data is protected.
2:10 pmHuman Machine Teaming: The Indispensable Human Element of CybersecurityField CTO, Americas, SentinelOneRegistration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: 109Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important defense tools, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element.
Join this session to discuss:
- What these trends mean for the hands-on practitioner
- How AI and Machine Learning will make humans more effective, not replace them
- When the velocity of innovation outpaces the capabilities of human intellect
- The role of automation in the effective practice of securing our digital world
2:10 pmISC2 Eastern Massachusetts Chapter Meeting - Open to all attendeesBeyond the Checkbox: The Art of Elevating Tabletop Exercises for Proactive DefenseSenior Manager, Wolf & Company, P.C.Registration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: Keynote TheaterIn today’s cybersecurity landscape, the need to adapt incident response strategies is more crucial than ever. This session explores the challenges of swiftly identifying and deploying resources amid the evolving threat landscape. We challenge the perception of tabletop exercises as mere compliance tasks, urging a shift towards recognizing them as proactive tools integral to organizational resilience.
Addressing the dynamic nature of cybersecurity, we emphasize the urgency of identifying potential gaps in a rapidly changing environment. Navigating the process of onboarding tools, we ensure alignment with your organization’s unique demands. By framing tabletop exercises as value-driven activities, participants will gain insights into transforming them from routine rituals into strategic assets.
The session concludes with a hands-on group exercise, enabling attendees to immediately implement discussed techniques upon returning to their organizations. Leave with a fresh perspective on incident response, ready to elevate tabletop exercises beyond regulatory checkboxes into powerful tools enhancing your cybersecurity posture.
Key Takeaways:
- Transform tabletop exercises from compliance rituals to strategic assets.
- Recognize the evolving threat landscape and adapt incident response accordingly.
- Implement practical techniques through a small group exercise for immediate organizational impact.
2:10 pm[Panel] Elevating Security Through Threat Intelligence, Cloud Resilience, and AI InnovationsSolutions Engineer, ClarotyEngineering Manager, OktaCo-Founder & CPO, Oasis SecurityHead of Services Strategy & GTM, ExtraHopSr. Security Consultant, AccessIT GroupvCISO, Cyber Risk Opportunities LLCRegistration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: 102Join us for an informative panel that delves into the strategic integration of threat intelligence, cloud resilience, and AI innovations, revealing the untold stories of unsung heroes in cybersecurity.
Discover how to optimize digital defenses and learn approaches to elevate your security leadership and your security posture. Don’t miss this opportunity to gain actionable knowledge that will empower you to stay ahead of the cybersecurity curve.
3:00 pmNetworking BreakRegistration Level:- Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pmHappy HourSponsored by HashiCorpRegistration Level:- Open Sessions
3:00 pm - 4:15 pmLocation / Room: Exhibitor HallJoin your peers for conversation and complimentary beer, wine, and soda. This is a great opportunity to network and to discuss the hot topics from the day.
Generously sponsored by:
3:30 pm[Closing Keynote] CISO Insights: Ensuring Critical Infrastructure Safety at the MBTACISO, Massachusetts Bay Transportation Authority (MBTA)Registration Level:- Open Sessions
3:30 pm - 4:15 pmLocation / Room: Keynote TheaterThis keynote delves into the pivotal role of the CISO in safeguarding IT assets at the MBTA. Emphasis is placed on how cybersecurity efforts are intricately aligned with ensuring safety, reliability, and operational resilience. Scott sheds light on the strategies employed to protect this crucial public transit system, with a focus on practical solutions and their application in real-world scenarios. Gain a comprehensive understanding of the implementation of cybersecurity strategies within a complex transit infrastructure. Scott provides actionable insights and valuable knowledge for professionals responsible for the protection of both digital and physical dimensions of critical systems.
3:45 pm[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 2Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: 105Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
3:45 pm[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: 104Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- Thursday, March 14, 20247:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration Desk / LobbyCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 3Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: 105Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
7:30 am[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: 104Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)AI: Is It Just Another Overrated Techbro Heist?CISO, Steward Health CareRegistration Level:- VIP / Exclusive
8:00 am - 8:45 amLocation / Room: 101Artificial intelligence has been heralded as a transformative technology across industries, but has it lived up to the hype in cybersecurity? In this lively roundtable discussion for Advisory Council members and VIPs, come ready to debate the pros, cons, and limitations of AI-driven cyber defenses. Let’s analyze real-world examples of AI failures and successes in combating malware, insider threats, fraud, and more. Is AI advancing cybersecurity or is it just a glorified buzzword? How can we overcome data quality, bias, and transparency challenges? What guardrails are needed to ensure AI is designed and deployed ethically? Bring your critical perspectives as we closely examine if AI is fulfilling its cybersecurity promise or just industry hype.This roundtable discussion is for our Advisory Council members only.8:00 amWiCyS Massachusetts Affiliate Meeting: Get Fueled Up with Women in CyberSecurityOpen to All AttendeesRegistration Level:- Open Sessions
8:00 am - 8:45 amLocation / Room: 108Fill your cup and prepare for Day 2 of SecureWorld Boston by joining Women in CyberSecurity for a meetup with WiCyS Executive Director Lynn Dohm. The ever-evolving landscape of cybersecurity continues to have significant demands on the workforce. Learn more about the WiCyS mission to recruit, retain, and advance women in cybersecurity, along with the local affiliate events and opportunities. Come network, enjoy morning beverages, and grab some WiCyS swag.8:00 amInfraGard Boston Members Alliance Meeting [Open to All Attendees]The Opportunities and Challenges of AI in CybersecurityField CTO – Security Solutions, Sumo LogicRegistration Level:- Open Sessions
8:00 am - 8:45 amLocation / Room: 109In today’s rapidly evolving landscape of cybersecurity, the integration of artificial intelligence (AI) presents both unprecedented opportunities and complex challenges. Understanding the implications of AI in modern defense strategies is paramount for organizations seeking to safeguard their digital assets against emerging threats. With the proliferation of AI-enabled adversaries, traditional defense mechanisms are no longer sufficient. To effectively defend against these sophisticated threats, organizations must equip their security teams with the knowledge and tools necessary to adapt and evolve.Key topics covered in this fireside chat with an InfraGard board member:- Developing an AI-centric defense strategy: Learn how to integrate AI-driven technologies into existing security frameworks to enhance detection and response capabilities.
- Building resilient defense mechanisms: Gain practical skills in deploying AI-powered solutions to proactively identify and neutralize threats before they escalate.
- Adapting to the evolving threat landscape: Stay ahead of emerging threats by continuously updating and refining your AI strategy to align with evolving cyber threats.
8:45 amNetworking BreakRegistration Level:- Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] Converge 2024: Outcome-Driven Cybersecurity TransformationCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLCFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)Sr. Vice President, Information Security, SemrushRegistration Level:- Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterThe cybersecurity landscape is no longer defined by APTs and static defenses; it’s a dynamic battlefield where agility, strategic insights and creative risk reduction executed with technical veracity drive differentiating outcomes. Our co-presenters provide differentiating insights at the intersection of national defense, global security trends, and cybersecurity risk management.
This session helps you reimagine your security posture and provides you with a battle plan to protect your organizational assets. Col. Leighton and VJ delve into the defining trends of cybersecurity transformation, including using AI to shift from detection to prediction; addressing the evolving human factor risk with advanced security training and creating a culture of security; embracing integration and breaking down siloed data and disparate tools; and building future-proof defenses with automation and threat intelligence platforms.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am[Panel] Stories from the Front Lines of the Ransomware Pandemic in HealthcareCISO, Keck Medicine of USCDirector, IT Security, Plymouth Rock AssuranceCISO, Mass General BrighamCISO, Steward Health CareFounder, Armstrong Risk Management LLCRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: 103Our panelists draw on the lessons learned from hundreds of ransomware incidents at hospitals – and there’s no sign of incidents slowing down. The panelists take attendees on a historical journey that includes a variety of strange scenarios — ransomware combined with insider threat; the EHR is not encrypted but the hospital is still down; the decryption keys worked but the data is still unusable.The session uncovers topics, including:- Adopting a whole-organization approach to ransomware preparedness
- Asking the question, to pay or not to pay?
- What constitutes a data breach?
- How has ransomware evolved, and what can we expect next?
10:15 amThe Convergence of AI and Privacy: Data Protection Challenges and OpportunitiesBISO, Omnicom GroupRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: 102The integration of Artificial Intelligence (AI) into cybersecurity practices has opened new frontiers, bringing forth both challenges and opportunities in the realm of data protection and privacy. This session delves into the intricate convergence of AI and privacy, unraveling the complexities and exploring innovative solutions. Our speaker shares insights into the data protection challenges posed by AI applications, the ethical considerations surrounding AI-driven cybersecurity, and the opportunities for enhancing privacy through responsible AI practices.10:15 amDevSecOps Magic: Communications, Processes and VisibilitySolutions Architect, SeemplicityRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: 108For DevSecOps success, it’s not enough to deploy the latest automated security testing tools — software composition analysis (SCA), cloud native application protection platform (CNAPP), CSPM, and CWPP, CIEM, etc.
An August 2023 SANS DevSecOps survey reported that automated application testing grew by 52% between 2022 and 2023, yet organizations reported that tools like these were seen as less useful than in 2022. How is that possible?
Great DevSecOps requires a foundation of solid testing data plus good communications and consistent processes. Join Seemplicity as we share our insights from the SANS survey, connect that to Gartner’s Continuous Exposure Threat Management (CTEM) and talk about a foundation for successful DevSecOps.
10:15 amPCI DSS v4.0 is Here…Now What? – Ask the ExpertDirector of Governance & Compliance, Risk Advisory Services, AccessIT GroupRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: 109March is upon us and so is the looming PCI DSS 4.0 compliance deadline. In just a few short weeks, the previous PCI Data Security Standard (version 3.2.1) will be officially retired and a multitude of new requirements of PCI DSS 4.0 will need to be implemented. Do you have questions regarding the transition to PCI DSS v4.0? Get all your PCI compliance questions answered in this open forum discussion and get ahead of the curve. Come armed with your PCI questions, learn about the new requirements, and what specific steps to take now to prepare.11:00 amNetworking BreakRegistration Level:- Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am[Panel] Promoting Security Awareness and Combatting Vulnerabilities in 2024VP, Cybersecurity & Program Management, PBSVP, IT & Cybersecurity, Inari AgricultureInformation Security Director, Paul, Weiss, Rifkind, Wharton & Garrison LLPVP, Sr. Manager - Cyber Oversight, Citizens Financial Group Inc.Registration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: 102The cybersecurity landscape is not getting any easier, so it’s a no-brainer that security awareness training needs constant reinvention to combat evolving threats. Additionally, legacy systems whisper vulnerabilities from the shadows. Join this dynamic panel discussion as we navigate the crossroads of these critical challenges.
Dive deep into:
- Beyond Basic Training: Rethinking security awareness to foster a culture of vigilance, engage employees at all levels, and combat phishing, social engineering, and other prevalent threats.
- Taming the Vulnerabilities: From patching to proactive threat hunting, explore best practices for managing vulnerabilities in complex environments, including the often-neglected realm of legacy systems.
- Bringing Up the Rear: The Legacy Conundrum: Learn innovative strategies for integrating old systems into your modern security architecture, mitigating vulnerabilities without disrupting critical operations.
- Remediation Realities: When the alarm bells ring, what’s next? Delve into incident response best practices, effective communication strategies, and post-breach recovery tactics.
11:10 amMoving from CISO to CIRO: A Journey into the BoardroomCISO & Data Privacy Officer, EmburseRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: 109Chief Information Security Officers are asking to report directly to the board. Before we can report to the board, we need to be able to articulate risks, not just cyber risks, but business risks, geopolitical risks, industry risks, regulatory risks, and more. This talk positions the security leader to use risks as the foundation of the InfoSec program to help mature the role from CISO to CIRO.11:10 am[Panel] The Secret Potential of AI and ML: Empowering Cyber Superheroes with Artificial IntelligenceDirector, Solutions Engineering and Alliances, AutomoxGlobal VP of Solutions Engineering, HuntersField CTO, SnykManager, North American Sales Engineering, KiteworksSr. Director, Product Management, Information Protection, ProofpointDirector, Information Security, Hypertherm AssociatesRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: 103Artificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.
Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.
Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.
11:10 amDeriving Insight from Threat Actor InfrastructureChief Evangelist, Team CymruRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: 108From proactively hunting for unknown attacker infrastructure, to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity. This talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.
12:00 pm[Lunch Keynote] Fireside Chat: Transitioning from CISO to CIO: What Changes?CIO, Morgan, Lewis & Bockius LLPAssociate CISO, St. Luke's University Health NetworkRegistration Level:- Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterA talk with Steve Naphy, CIO of Morgan Lewis, a Philadelphia-based law firm working with clients ranging from established, global Fortune 100 companies to enterprising startups. Steve talks about his move from head of InfoSec to Chief Information Officer.12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)Your Security Resilience: Do You Know, or Do You Guess?VP, Security Solutions, KeysightRegistration Level:- VIP / Exclusive
12:00 pm - 12:45 pmLocation / Room: 101When you’re making a key security decision, whether it’s firewall vendor selection, daily verification of ransomware defenses, or assurance of the performance and security of apps in a cloud migration, how do you ensure compliance with your business goals and security objectives? Do you rely on vendor reputation, the expertise of your team, analyst recommendations, or proactive testing? And are you ever surprised to find that real-world performance doesn’t match your expectations? Join this peer-to-peer conversation and come ready to share in this closed-door session.
Moderated discussion for SecureWorld Advisory Council members. By invite only.
12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmBalancing Act: Data, AI and Cybersecurity GovernanceCybersecurity Advisor (CSA), Integrated Operations Division | Region 1, CISARegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: 109Join a thoughtful discussion on balancing AI innovation, ethical data use, efficient data governance and secure cyber governance practices. Gain insights on the risks, challenges and responsibilities of managing AI technologies with ethical and regulatory frameworks while exploring the integration with cybersecurity.
1:15 pm[Panel] Navigating the Regulatory Landscape: Impact of New SEC Regulations on Cybersecurity LeadershipCIO & CISO, BTE PartnersPartner, K&L Gates LLPCISO, Putnam InvestmentsSecurity Program Manager, Office of the Secretary, Commonwealth of MassachusettsRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: 102The introduction of new SEC regulations has reshaped the terrain for CISOs. This panel session brings together seasoned cybersecurity leaders to dissect the intricacies of these new regulatory measures and delve into their profound effects on CISOs and their teams. Topics to cover include compliance challenges, reporting and transparency, resource allocation, collaboration with legal and compliance teams, impact on incident response, and strategic planning for resilience. Gain actionable insights to steer your cybersecurity strategy in compliance with the new SEC regulations.
1:15 pm[Panel] Beyond the Shadows: Anticipating Tomorrow's Cyber ThreatsPublic Sector CTO, LookoutCEO, Envision Technology AdvisorsVP, Solution Architecture, HalcyonSr. Director, Systems Engineering – New England, FortinetAutomotive Solutions Director, Sec eDGERegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: 103In the dynamic realm of cybersecurity, the battle between defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.
Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.
Join us in this exploration of the unseen, as we strive to anticipate and understand the threats that lie beyond the shadows of the current cybersecurity landscape.
1:15 pmPublic Cloud Storage: Where Automation and Employees Take the StageSecurity Architect, HubSpotDirector, Security Transformation, NetskopeSr. Security Engineer, HubSpotRegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: 108Securing your sensitive info in the cloud doesn’t have to be a brain-buster. Figuring out where to kick things off, especially with cloud storage that’s been hanging around for a while, might seem like a wild ride. But fear not! We’re here to jazz it up and show you how HubSpot spiced things up with some snazzy automation and a user-friendly vibe, making our data protection game strong without throwing any curveballs at end users.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pmThe Transformation of Security Awareness and Professional TrainingFulbright Scholar, MSISPM Student, Carnegie Mellon UniversityFulbright Scholar, MSISPM Student, Carnegie Mellon UniversityRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: 108Two graduate students from Carnegie Mellon University, with a combined 20 years of cybersecurity industry experience in the public and private sectors, share insights into the evolving landscape of security awareness and professional training. Gain a comprehensive understanding of the decade-long evolution of a vital risk management tool: the education of employees around cybersecurity via professional training programs.The co-presenters share the basics of security awareness training and dive into useful pieces of successful programs, including interactive activities such as gamification, continuous learning platforms, using dashboards to measure success (or failures), using AI, integrating security systems into the fabric of every organization, and more. Here what has worked, what hasn’t, and where security awareness and professional training are headed in an ever-changing cybersecurity landscape.2:10 pmLegal and Regulatory Risk: Challenges and Solutions for InfoSec LeadersFirst Vice President & Senior Consultant, Alliant InsuranceRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: 103Information Security leaders are facing unprecedented challenges in managing core information assets and data alongside responding to increasing legal, regulatory, and insurance risks. This presentation outlines some of the core challenges facing leaders in these areas. Come ready to hear practical recommendations to ensure that leaders understand, manage, and respond to these risks while achieving broader security and organizational objectives.2:10 pmManaging SaaS Identity RiskCEO & Co-Founder, Grip SecurityRegistration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: 109Grip is an identity-based solution for discovering shadow SaaS services and user-SaaS relationships, identifying risk based on your organizations use of SaaS and governing access to unfederated SaaS applications.
3:00 pmNetworking Break and Dash for PrizesRegistration Level:- Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallParticipating sponsors will announce their Dash for Prizes winners. Must be present to win.
Scan your badge at the Registration Desk to receive your CPE Certificate after Dash for Prizes.
3:45 pm[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 4Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: 105Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
3:45 pm[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: 104Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- AccessIT GroupBooth: 400
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- AkeylessBooth: 450
Akeyless Security is the company behind Akeyless Platform, the leading Vaultless Secrets Management platform designed to protect credentials, certificates and keys across multi-cloud and DevOps Environments.
- Arctic Wolf NetworksBooth: 175
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- Astrix SecurityBooth: 305
Astrix is the leader in securing non-human identities (API keys, service accounts, Access tokens,…), and extending identity security to machines. An RSA 2023 Innovation Sandbox finalist and a 2023 Gartner Cool Vendor for Identity First Security. We’ve raised $40M in total funding from the world’s top investors (CRV and Bessemer Venture Capital) tochange how apps connect to enterprises. We’re on a mission to allow businesses to leverage third-party apps and generative AI tools without compromising security, and we’re trusted by leading enterprises such as Priceline, Figma, Workato, and Agoda.
- Atlantic Data SecurityBooth: 325
Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.
- AutomoxBooth: 400
Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.
- AxoniusBooth: 115
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- BeyondTrustBooth: 325
BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.
The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. We are trusted by 20,000 customers, including 78 of the Fortune 100, and a global partner network.
- BIO-keyBooth: 267
BIO-key is a trusted provider of Identity and Access Management (IAM) and Identity-Bound Biometric solutions that offer an easy and secure way to authenticate the identity of employees, customers, and suppliers while managing their access across devices and applications.
Over 1,000 global customers, including AT&T, the federal government, and 200+ higher education institutions trust BIO-key PortalGuard IDaaS, an award-winning IAM platform, to reduce password-related help desk calls by up to 95%, eliminate passwords, secure remote access, prevent phishing attacks, and improve productivity for the IT team. PortalGuard provides the simplicity and flexibility required to secure the modern digital experience with options for single sign-on, self-service password reset, and over 16 multi-factor authentication methods, and is the only IAM platform to offer Identity-Bound Biometrics.
As a global leader in biometrics, BIO-key is the only provider of an IAM platform with integrated Identity-Bound Biometrics (IBB). IBB is the only authentication method that permanently binds a biometric to the user’s digital identity, to provide the highest level of integrity – in other words to be sure that it is you authenticating, not an unauthorized user, or hacker, only you.
BIO-key has provided IBB software and hardware solutions for enterprise use cases, first as an industry leader with biometric fingerprint authentication software and fingerprint scanners, to now being the only vendor to offer a mobile application that uses a palm scan to authenticate the user, BIO-key MobileAuth with PalmPositive.
Backed by decades of expertise, BIO-key has a proven track record of successful IAM project delivery and strong customer relationships.
- BitSightBooth: 294
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.
- BlackBerry CybersecurityBooth: 155
BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.
- BlumiraBooth: 435
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility.
Blumira’s cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Azure, Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisco FTD and many others.
- Bright SecurityBooth: 337
A powerful application & API security testing platform that security teams trust and developers love.
We integrate into your CI/CD pipeline and enable you to run DAST scans with every build. Identify a broad set of known (7,000+ payloads) and unknown (0-day) security vulnerabilities. Scan multiple protocols across Web, mobile & APIs. Built for developers with zero false positives and clear remediation instructions.
- Bugcrowd Inc.Booth: 238
By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.
- CardinalOpsBooth: 125
CardinalOps delivers AI-powered detection content and metrics to ensure your SOC is protected from the MITRE ATT&CK techniques most relevant to your organization’s adversaries, infrastructure, and business priorities.
Leveraging proprietary analytics and API-driven automation, the platform continuously delivers new use cases enabling your SOC team to stay ahead of constant change in the attack surface and threat landscape – plus continuously identify and remediate broken rules and misconfigured log sources – so you can close the riskiest detection gaps that leave your organization exposed.
Founded in early 2020, CardinalOps is led by serial entrepreneurs whose previous companies were acquired by Palo Alto Networks, HP, Microsoft Security, IBM Security, and others. The company’s advisory board includes Dr. Anton Chuvakin, recognized SIEM expert and Head of Security Solution Strategy at Google (formerly Gartner Research VP); Dan Burns, former Optiv CEO and founder of Accuvant; and Randy Watkins, CTO of Critical Start.
- Cato NetworksBooth: 285
Cato Networks pioneered the convergence of networking and security into the cloud. Aligned with Gartner’s Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks, Cato’s vision is to deliver a next generation secure network architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe. Our cloud-native architecture enables Cato to rapidly deploy new capabilities and maintain optimum security posture, without any effort from the IT teams. With Cato, your IT organization and your business are ready for whatever comes next. For more information, visit https://www.catonetworks.com.
- Check Point Software TechnologiesBooth: 470
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- ClarotyBooth: 293
Claroty empowers organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). The company’s unified platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America.
- CrowdStrikeBooth: 300
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- CyberArk SoftwareBooth: 335
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- CyCognitoBooth: 190
CyCognito empowers companies to take full control over their attack surface by uncovering and eliminating the critical security risks they didn’t even know existed. Welcome to the Shadow Risk Revolution.
- D3 SecurityBooth: 185
D3 is building up MSSPs and SecOps teams by offering the most innovative, most reliable security automation platform — no matter the stack or scale required.
- Dazz Inc.Booth: 462
Dazz delivers unified remediation for fast-moving security and development teams. We plug into the tools that find code flaws and infrastructure vulnerabilities, cut through the noise, prioritize the vulnerabilities that matter, and deliver a one-click fix to code owners in a developer-friendly way. We fit into engineering teams’ existing workflow, massively streamline process, and meaningfully cut time-to-remediate.
- Egress Software TechnologiesBooth: 338
Egress Software Technologies Ltd is a UK-based software company. It provides a range of data security services designed to protect shared information throughout its lifecycle, offering on-demand security for organisations and individuals sharing confidential information electronically.
- Envision Technology AdvisorsBooth: 215
Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.
- eShareBooth: 290
Helping organizations increase their productivity, operate more efficiently, and create optimal employee and client engagement through the power of frictionless and transparent collaboration.
We leverage your existing investments in Google and Microsoft without you needing to purchase a myriad of point solutions and in the process provide the following:
· Frictionless guardrails that will not get in the way of workflow.
· Unparalleled visibility into how your employees, customers and partners are using your content.
· Seamless authentication
· Use of your corporate branding to prevent returned, blocked or unsent files. - ExtraHopBooth: 400
ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com
- ForcepointBooth: 145
Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.
- Ping IdentityBooth: 390
Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences.
- FortinetBooth: 433
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- FortraBooth: 325
HelpSystems has long been known for helping organizations become more secure and autonomous. However, over the years, our customers have shared with us that it has gotten harder and harder to protect their data. As technology plays an increasingly important role in the way organizations operate, cyberthreats are evolving to become more powerful than ever before. If there’s one thing we’ve learned from being in an industry where the only constant is change, it’s that being adaptable is the best way to grow in the right direction. So we’ve listened to our customers’ concerns, problem-solved, and delivered with impressive results. Consequently, we’re a different company today — one that is tackling cybersecurity head-on.
That’s why HelpSystems is now Fortra, your cybersecurity ally. We’re bringing the same people-first support and best-in-class portfolio that you’ve come to expect from HelpSystems, only now we’re unified through the mission of providing solutions to organizations’ seemingly unsolvable cybersecurity problems. We offer leading solutions like data security, infrastructure protection, managed services, and threat research and intelligence. Throughout every step of our customers’ journeys, our experts are determined to help increase security maturity while decreasing the operational burden that comes with it. Because our team puts the same level of care into protecting our customers’ peace of mind as their precious data.
We’re driven by the belief that nothing is unsolvable.
We’re tenacious in our pursuit of a better future for cybersecurity.
We are Fortra. - GigamonBooth: 325
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- Google CloudBooth: 330
Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.
- Grip SecurityBooth: 275
Grip brings the industry’s most comprehensive visibility across all enterprise SaaS applications–known or unknown for apps, users, and their basic interactions with extreme accuracy to minimize false positives. Armed with deep visibility, Grip secures all SaaS application access regardless of device or location as well as mapping data flows to enforce security policies and prevent data loss across the entire SaaS portfolio.
- Halcyon, IncBooth: 388
Halcyon is a cybersecurity company building products that stop ransomware from impacting enterprise customers. Halcyon’s core platform offers layered ransomware protection that combines pre-execution detection, behavioral modeling, deception techniques and, if all else fails, resiliency, recovery and isolation of impacted nodes. To learn more and get a demo, contact us today.
- HashiCorpBooth: 315
At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud. Our suite of multi-cloud infrastructure automation products—all with open source projects at their core—underpin the most important applications for the largest enterprises in the world. As part of the once-in-a-generation shift to the cloud, organizations of all sizes, from well-known brands to ambitious start-ups, rely on our solutions to provision, secure, connect, and run their business-critical applications so they can deliver essential services, communications tools, and entertainment platforms worldwide.
- Horizon3.aiBooth: 212
Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud attack surfaces.
Like APTs, ransomware, and other threat actors, our algorithms discover and fingerprint your attack surface, identifying the ways exploitable vulnerabilities, misconfigurations, harvested credentials, and dangerous product defaults can be chained together to facilitate a compromise.
NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. You will see your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited.
- HPE Aruba NetworkingBooth: 340
At Aruba, a Hewlett Packard Enterprise company, we believe the most dynamic customer experiences happen at the Edge—an office, a hospital, a school, or at home. It’s anyplace work gets done and data is generated by users, devices, and things across your network. Our mission is to help customers capitalize on these opportunities by providing secure edge-to-cloud networking solutions. We use AI-based machine learning to deliver simpler, faster, and more automated networks that analyze data to help businesses thrive.
- HUB TechBooth: 150
HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.
Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.
- HuntersBooth: 270Hunters SOC Platform transforms security ops with AI and automation, providing a superior alternative to traditional SIEM systems. It streamlines threat detection and auto-investigation, empowering analysts with deeper insights and efficiency.
- InfobloxBooth: 475
Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.
- InfraGard BostonBooth: 295
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
- InvictiBooth: 420
Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and powerful automation and integrations enable customers to achieve broad coverage of even thousands of applications. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes all over the world.
- ISACA New England ChapterBooth: 105
The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).
The primary objective of the New England Chapter is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.
- ISC2 Eastern MassachusettsBooth: 220
Advancing Information Security One Community at a Time
As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. ISC2 Eastern Massachusetts Chapter provide members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits! - ISC2 Maine ChapterBooth: 220
The ISC2 Maine Chapter is a professional association authorized by the ISC2 the World’s Leading Cybersecurity Professional Organization created by ISC2 members and information security professionals living and working in Maine.
The ISC2 Maine Chapter is dedicated to providing education and regular meetings to help information security professionals in Maine. Our chapter benefits from a diverse membership that works in various organizations across important sectors such as healthcare, financial services, national defense, government, service providers, and many more.
- ISC2 Rhode IslandBooth: 159
The ISC2 Rhode Island Chapter is a professional association authorized by the ISC2 the World’s Leading Cybersecurity Professional Organization created by ISC2 members and information security professionals living and working in Rhode Island.
Our mission is to help further the profession and understanding of information security by providing professional growth to ISC2 members in Rhode Island in the form of educational presentations, live networking opportunities, and mentorship from our community of information security professionals and enthusiasts.
- ISSA New EnglandBooth: 440
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.
Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.
Visit the National Headquarter’s website at www.issa.org.
- K LogixBooth: 165
K logix is the leading information security company. We provide security consulting, technology solutions, and integration services to enterprise companies. Our experienced team and our established process help enterprise customers make confident security decisions that impact their business goals.
- KeyfactorBooth: 230
Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale—and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed. For more, visit keyfactor.com or follow @keyfactor.
- KeysightBooth: 480
Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems; patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.
- KiteworksBooth: 400
Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. To this end, we created a platform that delivers content governance, compliance, and protection to customers. The platform unifies, tracks, controls and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.
- LaceworkBooth: 205
Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.
- LogRhythmBooth: 492
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
- LookoutBooth: 485
Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.
- National Cybersecurity AllianceBooth: TBD
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- NetAlly, LLCBooth: 173
Since 1993, we have been the #1 ally of network professionals worldwide. We began by making the world’s first handheld network analyzer, and have continued as industry pacesetters ever since, first as Fluke Networks® then NetScout®. Now, as an independent company, NetAlly continues to set the standard for portable network testing. We are a company founded by engineers, passionate about innovation, and motivated by one purpose: to create the best test equipment possible, designed with your success in mind. Period.
Our leading edge tools work hard to get the job done fast by…
• Simplifying the complexities of networks
• Providing instant visibility for efficient problem solving
• Enabling seamless collaboration between site personnel and remote experts.Your organization relies on you to keep their networks running. And just like you, we are reliable, practical, no-nonsense experts. We are your behind the scenes partner.
We are NetAlly.
- NetskopeBooth: 400
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- New England Cyber Fraud Task Force (NECFTF)Booth: 295
The NECFTF is composed of officials from state and local law enforcement throughout Massachusetts, New Hampshire, Rhode Island, Vermont and Maine and is charged with preventing, detecting and mitigating complex cyber-crime threatening payment systems and critical infrastructure. The five task force officers represent the Concord Police Department, the Grafton County Sheriff’s Office, the Manchester Police Department and the Nashua Police Department.
- OasisBooth: 210
Oasis Security is the leading provider of Non-Human Identity Management (NHIM) solutions. NHI Management is a huge and unresolved security weakness that is constantly exploited by malicious cyber attackers. By enabling control over Non-Human Identities, we bridge the gap between devops/R&D and security ensuring our customers elevate their security posture while maintaining highly efficient operations.
- OktaBooth: 120
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- OptivBooth: 280
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- Panther LabsBooth: 385
Panther Labs was founded by a team of veteran security practitioners who faced the challenges of security operations at scale and set out to build a platform to solve them. The result is Panther, a refreshingly practical platform for threat detection and response powered by a highly scalable security data lake and detection-as-code.
- Picus SecurityBooth: 268
Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Control Validation Platform is trusted by leading organizations worldwide to continuously validate the effectiveness of security controls against cyber-attacks and supply actionable mitigation insights to optimize them.
Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. The company is dedicated to helping security professionals become more threat-centric and via its Purple Academy offers free online training to share the latest offensive and defensive cybersecurity strategies.
- PonduranceBooth: 325
Pondurance delivers world-class Managed Detection & Response (MDR), Incident Response (IR), Vulnerability Management, and Advisory Services to industries facing today’s most pressing and dynamic cybersecurity challenges. Our U.S. based Security Operations Center (SOC) offers personal, proactive, and around-the-clock cybersecurity to protect the human experience. We take a risk-based approach to cybersecurity; so you know you are protecting your most valuable assets and reducing your cyber risk.
Our mission is to ensure that every organization is able to detect and respond to cyber threats—regardless of size, industry or current in-house capabilities. We believe AI and automation alone aren’t enough, you need ingenious human experience because attackers aren’t machines, they are people. We combine our advanced platform with decades of human intelligence to speed detection and response and contain cybersecurity threats quickly to ultimately decrease risk to your mission.
- ProofpointBooth: 180
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Qwiet AIBooth: 213
Qwiet AI provides SBOMs with the click of a button, so you can focus on producing secure code quickly and accurately. Save time manually tracking down libraries and keeping track in spreadsheets.
- RADICLBooth: 122
RADICL provides SMBs serving America’s Defense Industrial Base (DIB) and critical infrastructure Xtended Threat Protection (XTP). RADICL’s purpose-built and proprietary XTP™ platform delivers SMBs deep-spectrum™ threat protection and compliance management that is quick, easy, and affordable. The RADICL XTP™ Platform powers an AI-augmented virtual Security Operations Center (vSOC) that delivers heavily automated and expert-driven threat monitoring, threat hunting, incident response, vulnerability management, security awareness training, and managed compliance adherence. RADICL enables SMBs in the DIB to spend more time running a profitable business to support our country and less time worrying about security and compliance.
- RadwareBooth: 490
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- Rapid7Booth: 445
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- Robert HalfBooth: 100
Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.
- RSA a Dell Technologies CompanyBooth: 325
RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.
- Savvy SecurityBooth: 265
Savvy automatically discovers and remediates your most toxic combinations of SaaS identity risk. It also allows you to guide users at scale towards proper security hygiene using just-in-time security guardrails.
- SecurityScorecardBooth: 400
SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.
- Security CompassBooth: 200
Security Compass, the Security by Design Company, is a leading provider of cybersecurity solutions, enabling organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its developer-centric threat modeling offering, SD Elements, and Application Security Training solutions help organizations release secure and compliant software to market quickly and cost effectively.
Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. The company is headquartered in Toronto, with offices in the U.S. and UK. For more information, please visit www.securitycompass.com
- SeemplicityBooth: 460
Seemplicity offers a risk reduction and productivity platform that streamlines the way security teams manage risk reduction. By orchestrating, automating, and consolidating all remediation activities into a single workspace, Seemplicity is revolutionizing the way security teams drive and scale risk reduction efforts across organizations.Seemplicity streamlines and collaboratively transforms the remediation process for developers, DevOps, and IT across the organization, assisting them in achieving complete operational resilience and establishing a truly scalable security program.
- SentinelOneBooth: 425
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- SentraBooth: 245
Sentra’s multi-cloud data security platform, discovers, classifies, and prioritizes the most business-critical data security risks for organizations, enabling more effective, faster remediation and compliance adherence.
Specializing in Data Security Posture Management (DSPM), Sentra ensures that the correct security posture moves with sensitive cloud data.
By automatically detecting vulnerabilities, misconfigurations, over-permissions, unauthorized access, data duplication, and more – Sentra empowers data handlers to work freely and safely with public cloud data, while leveraging rich insights to drive business growth and innovation. - SilverfortBooth: 235
Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.
- Skybox SecurityBooth: 415
Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.
- SnykBooth: 255
Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.
- SophosBooth: 172
Sophos delivers superior cybersecurity outcomes by providing cybersecurity as a service to protect companies of all sizes from the most advanced cyberthreats. Our cybersecurity products and services include managed detection and response (MDR), firewall, email, endpoint (XDR), and cloud native security protection. Sophos products and services defend against ransomware, phishing, malware, and more. They connect through the cloud-based Sophos Central management console and are powered by Sophos X-Ops, our cross-domain threat intelligence unit. We provide fully managed security solutions so you can manage your cybersecurity directly with our security operations platform. Or, you can supplement your in-house team with Sophos’ products and services.
- StackHawkBooth: 465
StackHawk makes it simple for developers to find, triage, and fix application security bugs. Scan your application for AppSec bugs in the code your team wrote, triage and fix with provided documentation, and automate in your pipeline to prevent future bugs from hitting prod.
- Sumo LogicBooth: 400
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.
- SysdigBooth: 260
The Sysdig Secure DevOps Platform provides security to confidently run containers, Kubernetes and cloud services. Only Sysdig has the deep visibility needed to see all threats, vulnerabilities and suspicious activity. With Sysdig you can secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.
Sysdig is a SaaS platform, built on an open source stack that includes Falco and sysdig OSS, the open standards for runtime threat detection and response. Hundreds of organizations rely on Sysdig to secure containers, Kubernetes and cloud services.
- SyxsenseBooth: 410
Syxsense is the world’s first software vendor providing cloud-based, automated endpoint and vulnerability management solutions that streamline IT and security operations. With our advanced platform, businesses gain complete visibility and control over their infrastructure, reducing IT risks and optimizing operational efficiency. Our real-time alerts, risk-based vulnerability prioritization, pre-built remediations, and intuitive automation and orchestration engine enable organizations to focus on their core business goals—confident in the knowledge that their enterprise is secure, compliant, and running smoothly. Rely on Syxsense to safeguard your IT infrastructure, so you can concentrate on what you do best—driving your business forward.
- TaniumBooth: 345
Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).
The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.
For more information, visit: https://www.tanium.com.
- Team CymruBooth: 430
Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines; digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.
Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.
Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.
Since 2005, our reputation remains unchallenged.
- ThalesBooth: 310
As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.
- ThreatLockerBooth: 250
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- TigeraBooth: 110
Tigera provides the industry’s only active security platform with full-stack observability for containers and Kubernetes. We are also the creator and maintainer of Calico Open Source, the most widely used container networking and security solution. Calico software powers more than 100M containers across 2M nodes in 166 countries, and is supported across all major cloud providers and Kubernetes distributions.
- TinesBooth: 225
Founded in 2018 in Dublin by experienced security engineers, Tines makes enterprise automation simple.
Security and operations teams are too often stuck doing manual, repetitive tasks, and we want to change that. Tines is an automation platform designed to allow anyone to automate any manual task, regardless of complexity. No apps, plugins, or custom code required.
With 1,000+ template options for common security actions, Tines is power and simplicity through direct integration with your existing tools.
- TowerwallBooth: 130
Towerwall, a highly focused and specialized woman-owned cybersecurity company, has helped scores of companies safeguard their data and leverage their investment in IT with advanced cybersecurity technology solutions and services. Our experience in all facets of cybersecurity coupled with serving in the CIO/CISO/ISO roles provides a first-hand understanding of the security challenges companies face daily. We have built a solution set ranging from setting up a formal ISMP to cybersecurity policies for addressing GRC, immediate mitigation, vulnerability management, IRP/DR/BCP and vCISO.
- TrueFortBooth: 389
TrueFort® Platform puts you in control of lateral movement across the data center and cloud, protecting service accounts and against zero-day threats. The TrueFort Cloud extends protection beyond network activity by shutting down the abuse of service accounts. Founded by former IT executives from Bank of America and Goldman Sachs, leading global enterprises trust TrueFort to deliver unmatched application environment discovery and microsegmentation for accounts and activity.
- TufinBooth: 325
As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.
- VaronisBooth: 170
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- VeritiBooth: 380
Veriti is a fast-growing security infrastructure innovator that helps organizations maximize their security posture while ensuring business uptime.
Integrated with the entire security stack, Veriti provides a consolidated management layer that continually and proactively monitors exposure to threats and provides actionable remediation paths for security gaps and high-risk vulnerabilities across the organization’s infrastructure and attack surface.
- VezaBooth: 325
Veza is the authorization platform for data. Designed for hybrid, multi-cloud environments, Veza enables organizations to easily understand, manage and control who can and should take what action on what data. We empower customers to leverage the power of authorization for an identity-first approach to security, addressing critical business needs tied to managing access governance, data lake security, cloud entitlements, privileged access, and more. Global enterprises like Blackstone, ASAPP, Barracuda Networks, Choice Hotels, and a number of Fortune 500 and emerging organizations trust Veza to secure their enterprise data. Founded in 2020, Veza is headquartered in Los Gatos, California and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures.
- WEIBooth: 237
Why WEI? We go further.
At WEI, we’re passionate about solving your technology problems and helping you drive your desired business outcomes. We believe in challenging the status quo and thinking differently. There are a lot of companies that can take today’s technology and create a great IT solution for you. But we do more. We go further. And we have the customer, vendor and industry awards to prove it. WEI is a premier technology partner, who always puts our customers first while providing the most innovative solutions for over 29 years.
- WiCyS Massachusetts AffiliateBooth: 195
The Massachusetts WiCyS Affiliate offers mentoring, learning, networking and career development to professionals at all stages of their cybersecurity careers, Whether you are a student just considering a career in cybersecurity or an experienced leader in the cybersecurity workforce, WiCyS provides tangible benefits and a supportive community of all genders. Our affiliate provides an online community for mentorship, networking, and collaboration as well as local meetups, community awareness programs, and support for other organizations with a common mission to bridge the Cybersecurity workforce gap while addressing diversity and inclusion of women and minorities.
- XM CyberBooth: 325
XM Cyber is a leading Continuous Exposure Management company that transforms the way organizations approach cyber risk, enabling security teams to prevent more attacks with 75% less remediation effort. Its XM Attack Graph Analysis™ capability discovers CVEs, misconfigurations, and identity issues across on-premise and all major cloud environments. It analyzes how attackers can chain exposures together to reach critical assets, identifies key “choke points”, and provides remediation guidance. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, Asia, and Israel.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Henryk CiejekVP, Information Security, PayScale, Inc.
Henryk has actively been part of the technology space for over 25 years. He has worked at various companies ranging from start-ups to established global Fortune organizations. Throughout his career, he's worn many hats and titles, focusing on his passion for cybersecurity, business goals, and program building. Having been the first security leader in many of his roles, Henryk understands the challenges of urgent bootstrapping. He has created an approach and track record based on collaboration, risk management, and perspective. In his current role, Henryk oversees the security program for multiple platforms that help support the compensation analysis and planning needs for over 10,000 companies.
- Krista ArndtAssociate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Brian McGowan, CISMVP, Global Security & Privacy, SharkNinja
Brian currently leads the cybersecurity and privacy program as Vice President, Global Security & Privacy at SharkNinja, a relentless innovator and global leader in the housewares industry. Previously, he served as head of IT security & compliance at Hasbro, where for seven years he led the maturity of a global cybersecurity program designed to meet everchanging cyber risk of a company that evolved from a toy manufacturer to a global entertainment company serving the film, unscripted TV, and online gaming industries. Prior to Hasbro, he served as Director of IT Compliance for Upromise, the Boston-based pioneer of loyalty and 529 college savings programs, where he led development of the company's PCI and SOX compliance programs.
Brian established himself as a leader in cybersecurity, privacy, and compliance program development. His career path differs from many IT professionals; he started his professional career in technology sales with Cabletron Systems in the mid-90s where he was first exposed to information technology and shifted to a career in IT operations in 2001. He was drawn to the structure of process and controls, which led to a role in IT security & compliance in 2005.
Brian has a passion for developing teams with a focus on individual team member success and career growth. He attributes relationship and team-building skills developed early in his career as a sales professional as keys to his program development and leadership success.
Education:
BS, Management Science, Bridgewater State University
Executive Leadership Professional Coach Program, AIIR Professional Consulting
Executive Leadership Certificate, Business Engagement & the Information Security Professional, Tuck School of Business
Executive Leadership Certificate, Harvard Leadership Management Program - Roy WattanasinResearch Security Officer, Massachusetts Institute of Technology
Roy Wattanasin is an information security professional. He is an avid speaker providing thought leadership at many conferences and webinars. Roy enjoys incident response and building security programs. He is involved with many computer security groups including the Boston Application Security Conference (BASC), OWASP Boston and other local associations. Roy is a member of multiple advisory groups, including SecureWorld Boston. He was previously an adjunct instructor at Brandeis University as part of the Health and Medical Informatics program. He is the co-founder of the decade-old program.
- Chris UssermanChief Technologist, Infoblox
Chris Usserman is the Chief Technologist with Infoblox Federal. Chris has over 33 years’ experience in the U.S. Intelligence Community helping clients understand and incorporate cyber business intelligence to improve cyber security programs. With a focus on the U.S. Government and public sector, Chris brings a public/private perspective to enhance the security posture of multiple sectors and communities of interest. Chris regularly speaks at domestic and international conferences on building more effective and mature cyber security programs. Prior to Infoblox, Chris served in several leadership roles, including Senior Director, Applied Intelligence and Director, Government Programs at iSIGHT Partners (now Mandiant Threat Intelligence). Chris was also a Lead Research Scientist (Cyber Ops) at Lockheed Martin’s Advanced Technology Laboratories and served 14 years in the U.S. Air Force.
- Graham BrooksLead Solutions Architect, Syxsense
Graham is a Pre-Sales Manager at Syxsense and has been working in the IT and Security industries for the last seven years. Before working at Syxsense, he was an IT Analyst for a major DOE and DOD Security manufacturing company. He currently holds the RHCE and Security Plus certifications.
- Stanley HammondSr. Security Engineer, Cape Cod Healthcare
Stanley Hammond has been in the IT field for the past 20 years and in the information security since 2006. He is currently a Senior Security Engineer in the healthcare field in Massachusetts. Throughout his career he has worked for non-profits, non-government organizations, higher education, and both public and private sector organizations. He is currently working in multiple areas including security awareness, incident response and proactive maintenance. He holds several industry recognized certifications including CISSP, CISM, CISA, HCISPP and CDPSE.
- Sean DonlonSr. Special Agent, U.S. Secret Service – Burlington, VT
A 22-year veteran of the United States Secret Service, Senior Special Agent Sean Donlon currently manages the Burlington office, overseeing investigations of cyber and financial crimes in the state of Vermont. Prior to his post in Vermont, Senior Special Agent Donlon served as an assistant attaché for the Secret Service in the United States embassy in Rome, Italy, where he was responsible for liaising with foreign law enforcement in over 60 countries, including those in Southern Europe, West Africa and the entirety of the Middle East. While there, he coordinated with the Polizia di Stato, Italy’s state police, in managing the European Cyber Fraud Task Force.
SSA Donlon began his law enforcement career with the Secret Service in Los Angeles, where he received training as a network intrusion specialist, responding to computer-related incidents throughout Southern California and serving as the deputy squad leader for the Los Angeles Cyber Fraud Task Force. In the years that followed, SSA Donlon continued to pursue training in a variety of cyber crime-fighting specialties before becoming a certified instructor at the James J. Rowley Training Center, the Service’s training academy.
- Travis KaylorSr. Special Agent, Boston Field Office, U.S. Secret Service
Senior Special Agent Travis Kaylor has spent the last 22 years in a variety of roles both domestic and abroad, focused on the dual mission of the United States Secret Service across both protection and investigations. He began his career as a Uniformed Division Officer assigned to the White House Branch and later as a Special Agent in the Washington Field Office. He was assigned to the New York Field Office where he led multi-agency fraud investigations, followed by an assignment to Former President William Clinton's protection detail. Currently, SSA Kaylor is assigned to the Boston Field Office and is a leader of the New England Cyber Fraud Task Force where he pursues complex, transnational cybercrime investigations involving foreign targets perpetrating cyber-attacks including ransomware, business email compromises, and network intrusions. During this tenure, SSA Kaylor represented the USSS as the Liaison Officer assigned to Europol's European Cybercrime Centre, Joint Cybercrime Action Task Force (J-CAT). In this role, he coordinated the most significant USSS-led cybercrime investigations within Europol, and worked collaboratively with more than 20 member countries on transnational cybercrime investigations.
SSA Kaylor is certified in Digital Forensics Incident Response - Network Intrusion (DFIR-NI), which manages the incident response capabilities of the USSS to cyber incidents. DFIR-NI provides investigative resources, cyber training, and operational resources to identify, mitigate, deconflict and facilitate the remediation of network intrusions, unauthorized access, malicious hacking, and other cyber based incidents. This includes intrusions into the financial sector, attacks against commercial enterprises, and violations of federal law.
SSA Kaylor is a graduate of Marist College in Poughkeepsie, New York and is pursuing a master’s degree at Boston College in their Cybersecurity Policy and Governance program.
- Peter LaRocheNetwork Intrusion Forensic Analyst, U.S. Secret Service – Manchester, NH
Peter LaRoche has served as a Network Intrusion Forensic Analyst (NIFA) with the US Secret Service out of the Manchester Resident Office since September 25, 2023. As a NIFA, Mr. LaRoche is responsible for providing expert guidance to the Secret Service as well as federal, state, and local partners in network and digital forensics. This includes the investigation of cyber related crimes such as network intrusions, ransomware, business email compromises, cryptocurrency related scams, the imaging and processing digital media, and conducting computer forensics examinations in support of criminal investigations.
NIFA LaRoche has over 20 years of law enforcement experience. He began as a Patrol Officer with the Nashua NH Police Department in 2003 and served as a member of the department’s Accident Reconstruction Unit, Unmanned Aerial Systems (UAS) Unit, and Computer Forensics Unit from which he retired as a Detective in 2023. In addition to his role as a Digital Forensics Examiner with the Nashua Police Department, he was also a Forensic Examiner for the NH Internet Crimes Against Children (ICAC) Task Force, Federally Deputized Task Force Officer with the United States Secret Service (USSS), and member of the New England Cyber Fraud Task Force (NECFTF). He is recognized as an expert in digital forensics in multiple legal jurisdictions in New Hampshire.
NIFA LaRoche holds numerous certifications related to digital forensics and network intrusion investigations and has attended well over 1000 hours of training in the field. He is a graduate of Skidmore College in Saratoga Springs, New York.
- Scott Margolis, ModeratorCISO, Massachusetts Bay Transportation Authority (MBTA)
Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
- Oren KorenCo-Founder & CPO, Veriti
Oren Koren is the Co-Founder and Chief Product Officer of Veriti. Oren brings 19 years of experience in cybersecurity, advanced threat analysis, and product management,. Prior to founding Veriti, Oren was a Senior Product Manager at Check Point Software Technologies, where he led AI-based innovations and advanced data analytics projects redefining threat hunting and SIEM applications. Before Check Point, Oren served for 14 years at the prestigious 8200 unit and was responsible for different cybersecurity activities and research. Oren won the Israeli Security Award and 3 MOD awards for cutting-edge innovations in cyber security.
- Idan GourCo-Founder & CTO, Astrix Security
Idan Gour is the CTO and co-founder of Astrix Security, a leading enterprise solution securing app-to-app interconnectivity. Having served as a leader in the elite class of the Israeli Military Intelligence Unit 8200, his hands-on offensive and defensive cyber experience affords him a unique attacker point of view. Previously, Gour also led software development at Deep Instinct, a deep-learning AI cybersecurity company.
- Tim GalloHead of Global Solutions Architects, Google Threat Intelligence
Tim Gallo is the Head of Global Solutions Architects at Google, he specializes in Cyber Threat Intelligence and Risk everything from Intelligence Operations and Cyber Threat Profile development to risk based analytic approaches to Security Operations. He Joined Google Cloud through the acquisition of Mandiant by Google in 2022, he had spent 5 years at Mandiant prior to the acquisition in a variety of field facing roles covering the aforementioned topics. Before joining Mandiant, Tim leveraged his over 20 years’ experience in information security and intelligence operations to aid in the development and deployment of a number of solutions. Including building client and organizational expertise in Intelligence Led Security and Business Operations. This included the development and product management of some of the first cyber intelligence solutions ever brought to market. These solutions have included threat and vulnerability management tools, IOC prediction algorithms, intelligence services, and strategic intelligence consulting. Today he spends his days helping clients understand the importance of Intelligence as a guiding principle for building out effective security processes and operations and helping clients and vendors find ways to leverage technologies responsibly to build their cyber defense centers and security operations practices. Every once in a while he can be found out in the desert, sometimes on his Harley with a flamethrower, sometimes with just a flamethrower
- Dana TannattSr. Sales Engineer, Thales
Dana Tannatt graduated from Norwich University with a master’s degree in information security and assurance. He is also a member of the Upsilon Pi Epsilon honor society for Computing and Information Disciplines. He has been a Security and Privacy software specialist for more than 18 years. He has extensive experience with Identity Access Governance and Data Security. He is now at Thales as one of their premiere Data and Application Security Specialists.
- Ashley-Yvonne HowardSr. Cloud Security Strategist, Panther
Ashley-Yvonne Howard is an experienced cloud security strategist with a master's degree in Cybersecurity from the University of Denver, complementing her undergraduate degrees in German Language and Literature & Film Studies, which reflects her unique fusion of art and science. With a career marked by unwavering determination and adaptability, she has thrived in various technical roles at General Motors, LogRhythm, AttackIQ and Expel within the cybersecurity field, spanning red, blue, and purple team domains.
- Frederick Webster, CISM, ModeratorInformation Security Officer, Blue Cross & Blue Shield of Rhode Island
Frederick Webster leads Blue Cross & Blue Shield of Rhode Island’s cybersecurity program as their Information Security Officer. He has over 15 years of experience in the IT and Information Security fields with a background in Security Operations, Business Continuity and Information Assurance. He has experience in Healthcare, Retail Pharmacy, Pharmacy Benefits Management, and MSSP industries. Frederick is a credentialed ISACA CISM with a BS. in Management of Information Systems and an MBA.
- Mark OstrowskiHead of Engineering, East US, Check Point Software Technologies
Mark Ostrowski is the Head of Engineering for the East region of US at Check Point Software Technologies. Mark has over 25 years’ experience in IT security and has helped design and support some of the largest security environments in the country. As an evangelist and member of the Office of the CTO at Check Point Software, Mark provides thought leadership for the IT security industry, outlining the current threat landscape and helping organizations understand how they can proactively mitigate and manage risk in our world of digital transformation. Mark actively contributes to national and local media discussing cybersecurity and its effects in business and at home on media outlets such as the Today Show on NBC, Good Morning America on ABC, and the Wall Street Journal.
- Adam MeyersSVP, Counter Adversary Operations, CrowdStrike
As CrowdStrike’s Senior Vice President of Counter Adversary Operations, Adam Meyers leads the Threat Intelligence line of business for the company. Meyers directs a geographically dispersed team of cyber threat experts tracking criminal, state-sponsored, and nationalist cyber adversary groups across the globe and producing actionable intelligence to protect customers. He oversees the development and deployment of AI, machine learning, reverse engineering, natural language processing, and other technologies to detect suspicious and malicious cyber behavior and stop increasingly sophisticated adversaries. Meyers’ work in combining human intelligence and intelligence derived from technology continues to transform cybersecurity.
Meyers works closely with other departments within CrowdStrike to ensure the smooth and speedy integration of intelligence into CrowdStrike’s entire lineup of products and services. His team brings unprecedented insights into the activities of cyber threat actors, providing strategic and technical guidance to Fortune 100 businesses, major financial institutions, key government agencies, and other CrowdStrike customers. SC Magazine recently honored CrowdStrike’s record of achievement under Meyers with the 2019 Trust Award for Best Threat Intelligence Technology. Almost every week you will see Myers commenting on recent cyber threats and cyber attacks in leading broadcast, print, and online media.
Adam earned a Bachelor of Arts degree from the George Washington University where he studied Political Science, and Computer Science.
- Dan Murphy, ModeratorChief Architect, Invicti
Dan Murphy has 20+ years of experience in the cybersecurity space, specializing in web security, distributed systems, and software architecture. As a Chief Architect at Invicti, his focus is on ensuring that Invicti products across the entire organization work together to provide a scalable, performant, and secure dynamic analysis experience.
- Jon FredricksonVP, CISO, Surgery Partners, Inc.
Jon Fredrickson is Vice President & Chief Information Security Officer for Surgery Partners. Prior to Surgery Partners, Jon has held various leadership & CISO positions across healthcare in both the provider and payor markets. Jon has developed a pragmatic approach to implementing cyber security solutions and assisting his organizations in properly measuring and managing cyber risk. He graduated from the University of Rhode Island with a B. A. in Economics. Jon is a member of the Association for Executives in Healthcare Information Security, the Healthcare Sector Coordinating Council (HSCC) and is a Certified Information Security Manager.
- Brendan CampbellVP, Technology and Cybersecurity Audit & Advisory Services, Manulife
- Dmitriy SokolovskiySr. Vice President, Information Security, Semrush
Dmitriy is currently a Senior Vice President, Information Security at SEMrush. From 1999 to 2007 Dmitriy had first-hand experience with servers, networks and datacenters, and NOCs and SOCs as he worked and consulted for defense contractors, public and private financial and medical companies, and non-profits. Between 2007 and 2018, Dmitriy spent 11 years at CyberArk software, helping them go public as he was building and managing a cyber-security professional services team, personally participating in incident response and remediation for some of the largest breaches in US history, and then serving as a Cloud Security Architect for SaaS products utilizing CSA CCM and CIS CSC. In 2018, and until summer of 2023, Dmitriy helped Avid Technology, a pioneer and a leader in the movie and music industry since 1987, to establish its information security and product security functions.
Dmitriy holds Boardroom Qualified Technical Expert (QTE) certification from the Digital Directors Network (DDN) and serves on Advisory Boards for multiple information security start-ups, such as Oort (acquired by Cisco), The Cybernest, Exium, SaaSLicense (acquired by IBM), and advises venture capital, and private equity firms. He is a member of the GIAC Advisory Board, holds the GISF, GCED and CISSP certifications, and served as a SANS Mentor for all three.
- Patrick HaleyPrincipal Solutions Engineer, Lacework
Pat is a Principal Solutions Engineer for Lacework and has been with the company for 3.5 years. He spent the previous ~10 years working for Boston based Cyber Security companies in similar roles and prior to that focused on implementation and consulting work for data automation workflows. Having been in security for the past 10 years and seeing the power of data and automation throughout his career, Pat is excited to be with Lacework and helping his customers solve the variety of complex problems that come with securing public cloud environments.
- Anna BelakDirector, Office of Cybersecurity Strategy, Sysdig
Anna has 10 years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of Thought Leadership at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey.
Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.
- Debra BrownVice President, Savvy
Debra Brown brings over 25 years of experience in cybersecurity. Starting her career at Xerox and then honing her experience in high-growth startups like Ping Identity and Chainalysis, Debra excels in introducing innovative security technologies to the market. Her dedication extends beyond her professional sphere as she is also a passionate learner, book lover, and a devoted mother and wife in a loving, blended family.
- Rob SolomonSenior Cloud Solutions Architect – Alliances, Crowdstrike
Prior to his current role at CrowdStrike, Rob Solomon was a Senior Solutions Architect in the ISV segment at AWS, helping software companies migrate and modernize on AWS to accelerate their pace of innovation and operational efficiency. From past roles in SaaS operations and during his time at AWS, Rob experienced first-hand the challenges of implementing and managing cybersecurity in a fast-paced environment. As a Senior Cloud Solution Architect for the AWS alliance at CrowdStrike, Rob advocates for a comprehensive, results-oriented approach that helps customers focus on delivering business value instead of trying to untangle the complexities of hybrid cloud security. Rob enjoys spending time with family in coastal Maine, hiking and working on home improvement projects.
- Kevin Powers, J.D., ModeratorProfessor; Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston College
Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Cybersecurity Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent.
With over 20 years of combined cybersecurity, data privacy, business, law enforcement, military, national security, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Kevin also is an expert witness and consultant with the Analysis Group and serves as a Director for the Board of Reading Cooperative Bank, a Trustee for the Board of Boston College High School, an Advisory Board Member for HYCU, Inc. and CyberSaint Security, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.
- Dr. Howard GoodmanSr. Technical Director, Skybox Security
Howard Goodman, with a distinguished career spanning two decades, has emerged as a pivotal figure in cybersecurity, seamlessly integrating strategic planning with hands-on cybersecurity applications across numerous sectors. His significant contributions to organizations like Skybox Security highlight his prowess in navigating through the intricate realms of cybersecurity. A U.S. Navy veteran and holder of a Ph.D. in Cyber Operations, specializing in meticulously formulating and implementing security strategies.
Throughout his journey, he has consistently demonstrated a steadfast ability to deliver tangible results, adeptly crafting strategies while precisely evaluating the risks, issues, and benefits of long-term initiatives. His unique talent lies in skillfully communicating complex technical concepts to both senior executives and non-technical stakeholders, ensuring a thorough understanding of the projects and strategies under his leadership. Dr. Goodman's trajectory in the field reveals a leader who not only navigates through the complexities of the digital and cybersecurity domain but also stands as a reliable guide, ensuring strategic and secure operations in all his endeavors.
- Josephine WolffAssociate Professor, Computer Science; Engineering Director, The Fletcher School at Tufts University
Josephine Wolff is an associate professor of cybersecurity policy at The Fletcher School at Tufts University. Her research interests include liability for cybersecurity incidents, international Internet governance, cyber-insurance, cybersecurity workforce development, and the economics of information security. Her first book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018 and her second book "Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks" came out from MIT Press in 2022. Her writing on cybersecurity has also appeared in Slate, the New York Times, the Wall Street Journal, the Financial Times, The Washington Post, The Atlantic, and Wired.
- Myriah V. Jaworski, Esq., CIPP/US, CIPP/EMember, Data Privacy & Cybersecurity, Clark Hill Law
Myriah Jaworski is a Member, Data Privacy and Cybersecurity, at Clark Hill Law. She represents clients in data breach actions, technology disputes, and in the defense of consumer class actions and related regulatory investigations stemming from alleged privacy torts and violations of the TCPA, BIPA, IRPA, and other state and federal privacy laws. Myriah also works with clients to devise and implement privacy and security compliance programs and to evaluate and implement new technologies, including enterprise-wide AI and machine learning tools. She is also been recognized as a Super Lawyer® for her Civil Litigation practice in 2018, 2019, 2020, and 2021.
- Rob BarberiDirector, Chief Client Officer, FINEX NA Cyber Security & Professional Risk, WTW
- Dan HopkinsVP of Engineering, StackHawk
Dan Hopkins, VP of Engineering at StackHawk, has been a software engineer for 20 years, working at high-growth startups such as VictorOps and LivingSocial and large high-tech companies such as Splunk. For the last ten years, he has focused on building tools for progressive engineering teams adopting DevOps and DevSecOps practices.
- Dave GoldField CTO, Americas, SentinelOne
Dave has more than 15 years experience in enterprise information security and brings a strong track record of innovation and customer focus to SentinelOne. Prior to SentinelOne, he was the VP of Product and VP of Solutions Architecture at ProtectWise and helped launch and build the company from stealth to a successful exit to Verizon. Dave helped define the network detection and response market and has helped many organizations develop detection and response strategies and to embrace cloud delivered technologies. He has also led Firewall Product Management at McAfee and has held various roles in sales engineering, product management and support at Websense, Intel, McAfee and Secure Computing.
- Sean Goodwin, Guest SpeakerSenior Manager, Wolf & Company, P.C.
Sean is a Senior Manager in Wolf’s DenSecure group. His role entails developing security reviews and managing projects, including security reviews, penetration tests, social engineering, and threat emulation. Sean has over ten years of experience in consulting and has worked extensively in the financial, healthcare, education, and software sectors.
Sean is also Wolf’s Lead QSA responsible for carrying out PCI DSS audits and mentoring Associate QSAs.
- John NewsomeSolutions Engineer, Claroty
John is a 30-year industry veteran in IT and cybersecurity and has worked for some of the most recognizable brands in cybersecurity such as Palo Alto Networks, Cisco Systems, Blue Coat (now Symantec), and Websense (now Forcepoint). John has been a guest speaker and panelist at numerous industry events and tradeshows and has served as a subject matter expert in advanced threat detection and remediation techniques.
- Jake ThomasEngineering Manager, Okta
Jake currently manages the Data Foundations team at Okta after transitioning from Principal Engineer on Okta's Defensive Cyber Operations team. He previously led data platform teams at Shopify and CarGurus, has taught various O'Reilly courses, and regularly contributes to data-oriented OSS projects.
- Amit ZimermanCo-Founder & CPO, Oasis Security
Amit Zimerman, Co-Founder and Chief Product Officer at Oasis, is a seasoned leader with a diverse technical and product background. Before co-founding Oasis, he played pivotal roles at CyberMDX, and Microsoft, bringing a wealth of product and security expertise. Amit also had significant contributions during his seven-year tenure in Israeli Military Intelligence forces as a leader of some of the high profile cyber projects at the time.
- Kip Boyle, ModeratorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Happy Hour
- Scott MargolisCISO, Massachusetts Bay Transportation Authority (MBTA)
Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Esmond Kane, ModeratorCISO, Steward Health Care
Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.
- Chas Clawson, Guest SpeakerField CTO – Security Solutions, Sumo Logic
- Col. Cedric LeightonCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- VJ ViswanathanFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)
VJ Viswanathan is a seasoned technology executive recognized and awarded for innovation, business capability transformation, and thoughtful mentorship. Most recently, VJ is the founding partner at CYFORIX, a global cybersecurity research, advisory, and strategic consulting firm delivering solutions to public and private sectors. He also serves as the CEO at TORQE, a specialized advisory firm focused on analytics, automation, and convergent technologies. VJ is the co-host of ELEVATEINTEL, a podcast series at the nexus of technology, social, and defense.
With more than 25 years of pioneering enterprise technology, cybersecurity, privacy, and compliance & risk management experience, VJ has a detailed track record of designing, implementing, and leading highly successful programs, products, and services at multinational Fortune 100 brands spanning CPG, telecom, media, supply chain, healthcare, and finance segments. As a strategic thought leader, VJ has delivered the first of its kind "Supply Chain Security" & “Omni-channel Risk Management” frameworks. As a published author and featured keynote speaker at global industry events, he approaches disruptive digital paradigms with innovation, creativity, and active collaboration with his key industry peers, researchers, national & international law enforcement, and defense groups.
VJ is an active mentor at various incubators and accelerators groups, serves as an advisory board member for growth stage companies. As a strategic adviser to VC & PE firms, he specializes in developing market analysis, competitive product road maps, and guides in opportunity mapping. As a board member and subject matter advisor to CEOs and corporate directors, VJ evaluates and audits enterprise technology and cybersecurity programs for veracity and operational effectiveness.
VJ is passionate about animal rights and giving back to the technology and security industry. He has created a rescue and foster care group for large breed dogs. He is actively engaged with academic institutions and purpose-driven professional groups like Minorities in Cyber Security, where he serves as a board member and chair of mentorship programs to develop the next generation talent through coaching and facilitating scholarships for technology and cybersecurity education.
- Dmitriy Sokolovskiy, ModeratorSr. Vice President, Information Security, Semrush
From 1999 to 2007, Dmitriy had first-hand experience with servers, networks and datacenters, and NOCs and SOCs as he worked and consulted for defense contractors, public and private financial and medical companies, and non-profits. Between 2007 and 2018, Dmitriy spent 11 years at CyberArk software, helping them go public as he was building and managing a cyber-security professional services team, personally participating in incident response and remediation for some of the largest breaches in US history, and then serving as a Cloud Security Architect for SaaS products utilizing CSA CCM and CIS CSC. Dmitriy holds Boardroom Qualified Technical Expert (QTE) certification from the Digital Directors Network (DDN) and serves on Advisory Boards for multiple information security start-ups, such as Oort, Exium, SaaSLicense (acquired by Apptio), and advises venture capital, and private equity firms. He is a SANS Mentor, a member of the GIAC Advisory Board and holds the GISF, GCED and CISSP certifications.
- Brian CayerCISO, Keck Medicine of USC
- John FanaraDirector, IT Security, Plymouth Rock Assurance
John Fanara is the Director of IT Security at Plymouth Rock Assurance, a leading auto and home insurer in the Northeast. Before joining Plymouth Rock, John served as CISO at the Risk Management Foundation of the Harvard Medical Institutions (CRICO). John has been overseeing Security and IT Infrastructure teams for over 22 years and has a passion for maturing security programs. John is a Certified Information Systems Security Professional (CISSP).
- Dave HeaneyCISO, Mass General Brigham
- Esmond KaneCISO, Steward Health Care
Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.
- Justin Armstrong, ModeratorFounder, Armstrong Risk Management LLC
Justin Armstrong is a security, privacy, and regulatory compliance consultant with over 25 years of experience in the Healthcare Industry. He worked as a vCISO at FractionalCISO, managed security at Healthcare Cybersecurity startup Tausight, and led Product Security at MEDITECH, a top three Electronic Health Record vendor. He has engaged with Hospitals in nearly 100 ransomware incidents.
Recently he founded Armstrong Risk Management to provide guidance on security, privacy, and regulatory compliance to companies large and small.
He holds the CISSP and HCISPP certifications and obtained his Masters in Cybersecurity Leadership at Brandeis University.
- Fabio MartinsBISO, Omnicom Group
- Chad BarrDirector of Governance & Compliance, Risk Advisory Services, AccessIT Group
Chad Barr is a seasoned leader in the field of information security, currently serving as the Director of Governance, Risk and Compliance (GRC) within the Risk Advisory Service practice at AccessIT Group (AITG). With a proven track record of success, Chad brings a wealth of experience to AccessIT Group.
As a visionary leader in the realm of cybersecurity, Chad has honed his skills across multiple disciplines, including security engineering, project management, risk management, and compliance. His extensive background underscores his ability to guide organizations toward robust and resilient security postures.
- Jimmy BenoitVP, Cybersecurity & Program Management, PBS
- Ben HowardVP, IT & Cybersecurity, Inari Agriculture
Ben originally asked ChatGPT to write his bio, but felt it was self-aggrandizing, pompous, and unbearably long. After many efforts to tell ChatGPT to tone it down a bit, he gave up and wrote it himself. Ben is a Cybersecurity and IT leader with over 25 years of experience. He specializes in rapidly maturing cybersecurity programs from scratch, aka getting bored with mature programs and starting over somewhere new. The result is a wide variety of experiences across industries in both public and private sectors. Ben has a passion for teaching that extends beyond standard security awareness training. In the "before times", Ben was a SCUBA instructor and taught Microsoft technical certifications. He is a board member of a local charity supporting elementary school aged children, of which he has three.
- William KyrouzInformation Security Director, Paul, Weiss, Rifkind, Wharton & Garrison LLP
William (Bill) Kyrouz is Information Security Director at Paul Weiss, one of America’s most prestigious law firms. Bill has worked in the legal industry for about twenty years, with a four year stint in Higher Education Technology , and has served in dedicated Information Security roles for the last 12. Prior to Information Security he worked predominately in the realm of network management.
Bill has worked to stimulate the sharing of threat intelligence and security best practices within and across industries. In 2018 he was awarded the inaugural Security Professional of the Year Award from the International Legal Technology Association.
- Diana Riley, ModeratorVP, Sr. Manager - Cyber Oversight, Citizens Financial Group Inc.
Diana knows what is required to develop and enhance an information security program. She specializes in gathering evidence, preparing for and conducting information security audits, and due diligence visits. Additionally, she is an expert in assisting small to mid-size companies in presenting their information security posture to potential business partners and clients, guiding them through the complex and sometimes daunting process of answering vendor security/posture questionnaires, developing a compliant information security program, and remaining compliant with ever-evolving client demands.
Diana has a Bachelor of Arts degree in English Literature from the University of Massachusetts and a Master’s in Information Systems from Northeastern University. She currently sits on the board of directors for the Boston Chapter of InfraGard. She holds several information security (CISSP/ISSAP & C|CISO), data privacy (CIPM, CIPP/E, CIPT), and cyber security law (GLEG) professional certificates.Diana is originally from the island of Barbados in the West Indies. In her free time, she enjoys reading, star gazing, traveling, and, most of all, gardening.
- Bill BowmanCISO & Data Privacy Officer, Emburse
Bill Bowman has been the first CISO at five different organizations over the last 20 years. He has been in Educational Technology, Financial Technology, and B2B Growth companies. He was the founding President for the (ISC)2 Eastern Massachusetts organization 10 years ago. Bill lives in Framingham with his wife and five children.
As CISO, Mr. Bowman is responsible for managing the global responsibilities associated with Information Security, Physical Security, Privacy, Disaster Recovery, Business Continuity, Incident Response, and Insurance. Mr. Bowman has successfully implemented PCI-DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 27017, and ISO 27018. Specialties: Executive Core Qualifications: Leading Change, Leading People, Results Driven (Metrics), Risk based decision making, Business/Industry Acumen, Building Coalitions. Management development, Talent development Technical Qualifications: Information Security, IT & business risk, IT governance & compliance (SOX 404), Regulatory compliance (GDPR), DR/BC, Mobility, Networking, Cloud security, Cloud privacy, Application vulnerability management, and other technical and non-technical related items.
- Katherine ChipdeyDirector, Solutions Engineering and Alliances, Automox
Katherine Chipdey has spent her career in Cybersecurity, consulting on how to simplify our understanding of the threat landscape and building programs for thousands of customers around EDR, SOAR, and MDR. At Automox, she helped build out the Solutions Engineer Team, where she focused on automating IT operations, reducing risk, and bridging that gap between security and IT for prospects and customers alike. Katherine now manages the technical channel relationships, enabling other IT and Security experts on how to use Automox in order to help their customers meet business needs and critical security goals like never before. Katherine has most enjoyed the opportunity to use her background and experiences in the the field to meet security/ IT teams, and enable them to be as successful as possible with their initiatives. Where a relationship can be made, she will try, as those meaningful interactions and the growth, learning, and connection they bring are invaluable to her. Outside of work, she could spend forever talking about her travels, archery, and pups.
- Ian ForrestGlobal VP of Solutions Engineering, Hunters
As the Global VP of Solutions Engineering at Hunters, Ian brings two decades of technology experience, specializing in application and database security, SOC operations, and SOAR. With a background in leading industry players, Ian’s contributions include several patents in the SOAR space, showcasing a sustained commitment to advancing cybersecurity solutions.
- Clinton HergetField CTO, Snyk
Clinton Herget is Field CTO at Snyk, the leader in Developer Security, where he focuses on crafting and evangelizing our strategic vision for the evolution of DevSecOps. A seasoned technologist, Clinton spent his 20-year career prior to Snyk as a web software developer, DevOps consultant, cloud solutions architect, and engineering director. Clinton is passionate about empowering software engineers to do their best work in the chaotic cloud-native world, and is a frequent conference speaker, developer advocate, and technical thought leader.
- Cátia PereiraManager, North American Sales Engineering, Kiteworks
Helping CISOs achieve complete visibility of the sensitive content across the enterprise network, and recognize and mitigate risk associated with that content.
- Aruna SreeramSr. Director, Product Management, Information Protection, Proofpoint
Aruna leads the Enterprise DLP and Insider Threat Management solutions at Proofpoint and joined the company in 2019 through the acquisition of ObserveIT. She has 20+ years’ experience in leading cybersecurity product and strategy at several organizations including Leidos, RSA, and Axeda (PTC). She is currently working within her organization and with customers on using AI/ML for Proofpoint’s suite of Information Protection solutions.
- James Thompson, ModeratorDirector, Information Security, Hypertherm Associates
James brings more than 20 years of experience in Information Technology including seven years in cybersecurity within the manufacturing vertical. He has a passion for team development and attributes his program’s success to relationship and team building skills developed earlier in his career. He started his career in higher education and has since shifted to private sector organizations and holds several industry certifications including CISSP, CISA, PMP and PCIP.
A motivated builder and problem solver who loves working with others to create the solutions that drive innovation, optimization, and change.
- David MonnierChief Evangelist, Team Cymru
David has been with Team Cymru since 2007. Prior, he served in the U.S. Marine Corps as a Non-Commissioned Officer. He then worked at Indiana University where he helped to build some of the most powerful computational systems of their day. He transitioned to cybersecurity and helped launch the Research and Education Networking ISAC. At Team Cymru, he has been an engineering leader, a Community Services team member, and a security analyst. David led efforts to secure the firm's intelligence infrastructure and established processes the firm relies on today. Currently, David assists CSIRT teams worldwide and fosters data sharing partnerships.
- Steve NaphyCIO, Morgan, Lewis & Bockius LLP
Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.
- Krista Arndt, ModeratorAssociate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Monsurat OttunCybersecurity Advisor (CSA), Integrated Operations Division | Region 1, CISA
- Sue BergamoCIO & CISO, BTE Partners
A global CIO & CISO, Sue brings broad technology and operational experience to help companies secure and grow through innovation, and optimization in cloud, on-prem environments and acquisition. She’s held strategic positions at Microsoft, ActiveCampaign, Precisely, Episerver, Aramark, and CVS Pharmacy. Sue is the author of "So, You Want to be a CISO?" and is a sought-after speaker, investor, executive advisor and a multiple industry award winner in cybersecurity.
- Julie RizzoPartner, K&L Gates LLP
Julie Rizzo is a partner in the firm's Capital Markets practice group. Julie has substantial experience representing companies in a variety of capital markets and corporate governance matters. She focuses her practice on advising clients on SEC reporting and disclosure issues, stock exchange compliance, and environmental, social and governance (ESG) matters. She also regularly assists clients on a variety of capital market transactions.
Julie’s prior professional experience brings a unique perspective to clients. By spending over six years in an in-house role at a large, New York Stock Exchange listed technology company, Julie has an understanding of the inner workings of corporate legal departments and the need for in-house legal teams to be able to provide business-focused legal advice. Additionally, Julie has gained a deep understanding of the regulatory process after spending five years in the Division of Corporation Finance at the U.S. Securities and Exchange Commission, which allows her to advise clients on disclosure and compliance matters through a sharper, regulatory focused lens.
- Gregory WilsonCISO, Putnam Investments
- Mike Ste Marie, ModeratorSecurity Program Manager, Office of the Secretary, Commonwealth of Massachusetts
Mike has over 17 years of experience in the Information Security field, working in multiple industries around the Boston area. He has helped build and improve information security programs, deploy and manage awareness training to over 1,000 staff members, as well audit networks against the CIS Controls. He holds the CISSP certification, has a Masters in Information Assurance from Norwich University and has been a long time member of the Secureworld Boston Advisory Council.
- Jim CoylePublic Sector CTO, Lookout
Jim Coyle is the U.S. public sector CTO at Lookout Security, utilizing his 20+ years of knowledge and expertise to help close the security gap many government agencies and organizations face today. A cybersecurity industry thought leader exploring geo-political cyber related issues, the latest threats and defense strategies, as well as industry trends providing insights through his career. Jim is currently responsible for leading the charge to redesign and revolutionize cybersecurity programs of customers to battle today's threats.
- Todd KnappCEO, Envision Technology Advisors
Todd has been providing IT services nationally for over 25 years and draws inspiration and insight from participation in a wide range of executive boards and industry associations. He has an extensive background in strategic planning and implementation of business technology solutions, and founded his firm Envision Technology Advisors. As a presenter, Todd speaks throughout the country on a variety of technology and business topics including: Modern Workplace, Digital Transformation, Cybersecurity, and Evolving Digital Culture to fit the Modern Workforce.
In his free time, Todd works with several non-profits and is also an avid sailor, wood worker, and scuba diver.
- Tommy PerniciaroVP, Solution Architecture, Halcyon
Tommy Perniciaro is a highly experienced cybersecurity professional with over 20 years of experience in protecting critical network assets and data against cyber threats. Tommy has extensive experience with security technologies, including DDoS mitigation, intrusion detection and prevention systems, firewalls, SIEMs, and vulnerability scanners. In addition to cybersecurity expertise, Tommy has a strong background in network infrastructure design, implementation, and management. Tommy has a deep understanding of complex network topologies, protocols, and technologies, including switches, routers, firewalls, load balancers, and VPNs.
- Brian SchwarzkopfSr. Director, Systems Engineering – New England, Fortinet
Brian Schwarzkopf is the Senior Director of Engineering for New England Enterprise at Fortinet. As an active leader in Fortinet’s wider engineering team, Brian and his team help organizations achieve their cybersecurity objectives with solutions for tooling, staffing and processes that enable greater security effectiveness. Whether in areas of automation and orchestration, evolving SOC teams in active threat hunting, and heightening overall visibility, Brian and the Fortinet team are oftentimes helping customers achieve a deeper convergence of networking and security, as organizations look to take advantage of next generation platform solutions from a leading and mature cybersecurity vendor.
- Chad Childers, ModeratorAutomotive Solutions Director, Sec eDGE
Internationally recognized security thought leader. Expert on Threat Modeling, IoT Security, Threat Analysis and Risk Assessment (TARA), Cryptography, Application Security, and Agile Development Security.
Chad is a voting member of SAE Vehicle Cybersecurity Committee TEVEES18A that shapes the future of automotive security and leading a TARA standardization sub-committee.
- Nick DudaSecurity Architect, HubSpot
With over 25 years of experience in the cybersecurity industry, he has dedicated a decade to HubSpot, concentrating on safeguarding the corporate environment through the deployment of various cutting-edge security tools. Nick holds multiple vendor certifications, including Netskopes NSCO&A and NSCI&I. As a client of various security vendors, Nick swiftly becomes a subject matter expert in their tools. He takes the lead in organizing communities and webinars, and also holds positions on advisory boards.
- Michael FergusonDirector, Security Transformation, Netskope
Michael Ferguson is the Global Director for Security Transformation at Netskope. He is a highly customer-focused security professional, having worked in the cyber security industry for over 15 years across the Asia Pacific Region. Michael has been CISSP certified for over 7 years, speaking at various industry events (e.g. Gartner, AusCert, and AISA) on Data Loss Prevention, Zero Trust and Cloud Security Initiatives. Michael has extensive web, data and cloud security experience, specializing in running DLP, Zero Trust and Insider Threat programs.
- Jared LeeSr. Security Engineer, HubSpot
With nearly 10 years at HubSpot, Jared leads automation initiatives within the Corporate Security team, elevating security measures to new levels. With extensive experience in the cybersecurity field, he is dedicated to building automated solutions to safeguard HubSpot's environment, driven by a passion for detection and incident response.
- Delgerbayar LochinFulbright Scholar, MSISPM Student, Carnegie Mellon University
Delgerbayar Lochin is a Fulbright Scholar and 2nd-year master’s student in the Information Security Policy and Management program at Carnegie Mellon University. Preceding his degree pursuit at CMU, he accumulated 8 years of experience in both private and public sectors. During this time, he held key roles such as Team Leader at the Cybersecurity Center of the Mongolian Armed Forces and Information and Communications Technology Officer at the National Security Council of Mongolia. Notably, while serving in the Armed Forces, Delgerbayar was deployed to Afghanistan under the NATO-led Resolute Support mission as a National Liaison Officer for the Mongolian Contingent.
In addition to his rich blend of education and experience, Delgerbayar is a Certified Information Systems Security Professional (CISSP).
- Mendsaikhan AmarjargalFulbright Scholar, MSISPM Student, Carnegie Mellon University
Mendsaikhan Amarjargal, a Fulbright Scholar and a GXPN certificate holder (1103), is pursuing his graduate studies in Information Security Policy and Management at Carnegie Mellon University. Before embarking on his academic journey, Amarjargal amassed nine years of industry experience, during which he worked from an Information Security Analyst to the Chief Information Security Officer in one of Mongolia’s largest private sector companies. His commitment to the field extended beyond his professional obligations, as he served a seven-year tenure as a volunteer and later a board member for the Mongolian Computer Emergency Response Team and Coordination Center, an NGO NPO, where he also worked as a co-host for organizing cybersecurity conferences and ethical hacking competitions.
- Dominic KellerFirst Vice President & Senior Consultant, Alliant Insurance
Dominic Keller has global experience across the cybersecurity, law and risk management fields. Dominic has worked as an attorney in Australia and California, a cyber risk consultant, and a cyber insurance broker with domestic and international companies across many industries. He holds the CISSP certification and has studied Corporate Strategy at the Chicago Booth School of Business.
Dominic has worked extensively with organizations in developing cyber risk management strategies incorporating cybersecurity, legal, insurance, and business goals. He has advised Boards, C-suites, and organizational leaders in implementing effective cyber risk governance approaches, and is a regular speaker at conferences and industry events.
- Lior YaariCEO & Co-Founder, Grip Security
Lior has vast experience in cybersecurity having worked as a practitioner, investor, and entrepreneur, providing him with a deep understanding of identifying key innovations and the business dynamics of building successful companies. Prior to Grip, Lior was CTO for YL Ventures and a member of the YL Ventures Insiders Network, and served as a training commander for the Israeli Intelligence Corps, Unit 8200.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes