- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
Wednesday, March 12, 2025

7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk / Lobby
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

7:30 am
[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 1
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.
Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.
This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impacts cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:
Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.
Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.
Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.
Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.
Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

7:30 am
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

8:00 am
Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:15 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

8:00 am
Advisory Council Roundtable Breakfast (VIP / Invite only)
Registration Level: VIP / Exclusive
8:00 am - 8:45 am
Moderated discussion for SecureWorld Advisory Council members. By invite only.

8:00 am
Association Chapter Meetings
Registration Level: Open Sessions
8:00 am - 8:45 am
Participating professional associations and details to be announced.

8:00 am
Are You in a Dysfunctional Relationship with the HR Department?
Executive Director, National Cybersecurity Alliance
Registration Level: Open Sessions
8:00 am - 8:45 am
When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.
For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?
This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.

8:45 am
Networking Break
Registration Level: Open Sessions
8:45 am - 9:00 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

9:00 am
[Opening Keynote] Cybercrime: Protecting Vulnerable Communities in New England
CIO & Commissioner, Department of Information Technology, State of New Hampshire
CISO, State of Connecticut
CISO, State of New Hampshire
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
As cybercrime evolves, vulnerable communities across New England face increasing risks, from phishing scams targeting seniors to ransomware attacks on small municipalities. This panel brings together CISOs and a CIO from New England states to discuss the unique challenges and strategies for safeguarding these communities. Our panelists share insights on regional collaboration, public-private partnerships, and proactive measures to strengthen cybersecurity resilience. Come ready to gain a deeper understanding of how state governments are working to protect their most at-risk populations and critical infrastructures.

9:45 am
Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

10:15 am
What Are We Looking For? Navigating Cybersecurity Priorities
CISO, Massachusetts Bay Transportation Authority (MBTA)
Registration Level: Conference Pass
10:15 am - 11:00 am
This session provides a unique perspective on how the CISO of the MBTA navigates cybersecurity challenges in critical infrastructure. Scott Margolis will delve into managing an ever-evolving threat landscape with constrained resources while prioritizing safety, operational resilience, and the secure, effective use of digital assets. Attendees will learn practical strategies for balancing risks and focusing efforts on actions that have the greatest impact on protecting vital operations and ensuring continuity.

10:15 am
[Panel] Beyond the Single Point of Failure
Lessons from Recent Vendor Incidents and Strategies for Resilience
Registration Level: Conference Pass
10:15 am - 11:00 am
Recent incidents involving major cybersecurity vendors like CrowdStrike and Microsoft have highlighted the critical issue of single-point failures in our digital defense ecosystems. This panel session delves into the aftermath of these events and explores the broader implications for organizational cybersecurity strategies. Our expert panel discusses:
- The dangers of over-reliance on single vendors: Exploring the risks associated with putting all your security eggs in one basket.
- Developing a multi-vendor strategy: Balancing the benefits of integrated solutions with the need for redundancy and resilience.
- Incident response planning: Preparing for vendor-related outages or failures as part of your overall cybersecurity strategy.
- Future outlook: How the industry might evolve to address these challenges.
Gain valuable insights into creating more resilient security architectures that can withstand vendor-specific incidents.

10:15 am
Starting Your Zero Trust Journey on the Right Foot
Registration Level: Open Sessions
10:15 am - 11:00 am
Session description to come.

10:15 am
Harnessing Data Analytics for Robust Fraud Detection and Prevention
Registration Level: Open Sessions
10:15 am - 11:00 am
Session description to come.

11:00 am
Networking Break
Registration Level: Open Sessions
11:00 am - 11:10 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

11:10 am
Exploiting the Human Side: Phishing, Social Engineering, and Con Artists
Registration Level: Conference Pass
11:10 am - 11:55 am
Session description to come.

11:10 am
Communicating Effectively to the Board
Registration Level: Conference Pass
11:10 am - 11:55 am
Session description to come.

11:10 am
Micro Segmentation: What You Need to Know
Registration Level: Open Sessions
11:10 am - 11:55 am
Session description to come.

11:10 am
[Panel] The Evolving Cyber Threat Landscape: Tales of Villains, Heroes, and Resilience
Director, Solutions Engineering, Pentera
Registration Level: Open Sessions
11:10 am - 11:55 am
Today’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.

12:00 pm
[Lunch Keynote] Learning How to Story Tell to Move Cybersecurity Forward
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
Session description to come.

12:00 pm
Advisory Council Roundtable Discussion (VIP / Invite only)
A CISO's Guide to What Works in the Real World to Defeat Ransomware
Data-Driven Defense Evangelist, KnowBe4
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Moderated discussion for SecureWorld Advisory Council members. By invite only.
Ransomware attacks are causing significant financial and operational damage to organizations around the world. In this roundtable, we’ll look at tactics that have proven to defeat ransomware – and which have missed the mark.
This moderated interactive discussion tackles how to stop, detect, and mitigate ransomware. As leaders in the trenches, come ready to share and learn which steps you can take to transform security from a mere compliance exercise into a cornerstone of your company’s resilience and long-term success. Don’t miss this opportunity to have a peer-to-peer conversation on how to safeguard your organization from today’s most pervasive cyber threats.

12:45 pm
Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

1:15 pm
AI-Driven Cybersecurity: The Good, the Bad, and the Ugly
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Session description to come.

1:15 pm
Get to Know, and Get Along with, Your General Counsel and CFO
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Session description to come.

1:15 pm
Building a Strong Defense with PCI Compliance
Registration Level: Open Sessions
1:15 pm - 2:00 pm
As the cybersecurity landscape evolves, the associated PCI requirements supporting those security considerations are also changing. Is your organization well positioned to adapt to the updated guidance issued with version 4.0.1 and the upcoming implementation deadlines for the March 31, 2025, requirements? This presentation explores the essential quick wins for payment card security and PCI compliance related to the new version, 4.0.1, and how to best guard your cardholder data without committing the whole IT team defensive line to compliance-related tasks.
Key topics include:
- Rule Changes: Updates to PCI DSS in version 4.0.1
- Game Footage: Common High-Risk Misses
- Away Games: Future Dated (2025) Requirements

1:15 pm
[Panel] Guardians of the Cyber Realm: Building Castles in the Cloud
Vice President, Sales, Zluri
Registration Level: Open Sessions
1:15 pm - 2:00 pm
As organizations migrate to the cloud, securing these virtual kingdoms requires a blend of innovation and vigilance. This panel will explore the challenges of cloud security, from defending against breaches to managing access, and how organizations can build cloud “castles” that are both robust and adaptable in the face of evolving threats.

2:00 pm
Networking Break
Registration Level: Open Sessions
2:00 pm - 2:10 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

2:10 pm
CISO Liability: Digging into the Fallout After Major Incidents
Registration Level: Conference Pass
2:10 pm - 2:55 pm
A new era of government criminal prosecution of C-suite executives began in 2022. That year, Uber’s former Chief Security Officer was convicted of criminal obstruction of justice for failing to disclose a breach to the FTC during an ongoing investigation. In 2023, the SEC brought criminal charges against SolarWinds’ CISO for fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices. In July 2024, a federal judge tossed most, but not all, of the SEC’s charges against SolarWinds and its CISO. This session discusses the prosecutions of the Uber and SolarWinds CISOs and examines the contours of CISO personal liability following those landmark (and likely more to come) prosecutions.

2:10 pm
Managing AI Platform Risk: How Security and Engineering Partner to Deliver Trusted Models
Registration Level: Conference Pass
2:10 pm - 2:55 pm
This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.

2:10 pm
Securing Success: The Impact of Networking, Education, and Certifications in Cybersecurity
Registration Level: Open Sessions
2:10 pm - 2:55 pm
Session description to come.

2:10 pm
How to Build Trustworthy and Secure AI Systems: Key Frameworks & Vulnerabilities You Need to Know
Registration Level: Open Sessions
2:10 pm - 2:55 pm
The advancements of artificial intelligence (AI) have taken both popular culture and almost every industry by storm, due to the technology’s far-reaching abilities to augment human skills and bring safety and efficiency to several areas of our everyday lives. But these systems also bring with them a wealth of challenges, from ethics to security. We must be just as concerned about an organization’s use of AI in critical workflows as we should be about LLMs disclosing sensitive data. How we evaluate these systems’ security, resilience, and robustness will be driven by well-established bedrock principles in both audit and assessments.

3:00 pm
Networking Break
Registration Level: Open Sessions
3:00 pm - 3:30 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

3:00 pm
Happy Hour
Registration Level: Open Sessions
3:00 pm - 4:15 pm
Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.

3:30 pm
[Closing Keynote] The State of Cybersecurity in the Region
Registration Level: Open Sessions
3:30 pm - 4:15 pm
Session description to come.

3:45 pm
[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 2
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm

3:45 pm
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm

Thursday, March 13, 2025

7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

7:30 am
[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 3
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
7:30 am - 9:00 am

7:30 am
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am

8:00 am
Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:15 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

8:00 am
Advisory Council Roundtable Breakfast (VIP / Invite only)
Registration Level: VIP / Exclusive
8:00 am - 8:45 am
Moderated discussion for SecureWorld Advisory Council members. By invite only.

8:00 am
Association Chapter Meetings
Registration Level: Open Sessions
8:00 am - 8:45 am
Participating professional associations and details to be announced.

8:00 am
Benchmarking Your Cybersecurity Framework
Registration Level: Open Sessions
8:00 am - 8:45 am
Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

8:45 am
Networking Break
Registration Level: Open Sessions
8:45 am - 9:00 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

9:00 am
[Opening Keynote] How CISOs Can Elevate Influence and Become a Business Driver
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
For today’s CISOs, it’s no longer enough to be just technical experts. This panel of top-level cybersecurity professionals representing the regions of Vancouver, B.C., Bozeman, and Seattle, breaks away from talking about the tired mantra of “speaking the language of the business” and instead dives into practical, real-world examples of how security leaders have successfully navigated the business landscape.
The discussion focuses on actionable strategies and tactics that have helped CISOs gain influence, secure funding, and elevate cybersecurity from a technical function to a critical business driver. Walk away with specific metrics, communication techniques, and actionable insights that have been proven to work in the real world—offering practical takeaways that can be implemented immediately. Get ready for a session that goes beyond the theory and delivers tangible answers to the challenges CISOs face today.

9:45 am
Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

10:15 am
Owning Your Program by Reducing Cyber Risk
Operating Partner | CISO, Welsh, Carson, Anderson & Stowe
Registration Level: Conference Pass
10:15 am - 11:00 am
There are hundreds of security vendors who can sell you their widget; will the tool insulate you from a data breach? Probably not! Get back to basics. Bill walks you through the non-negotiable items that you need in your program to ensure your cyber security program is going in the right direction.

10:15 am
Investing in Your Application Security Programs
Registration Level: Conference Pass
10:15 am - 11:00 am
Session description to come.

10:15 am
Bug Bounties: Tips from the Triager
Registration Level: Open Sessions
10:15 am - 11:00 am
Hear directly how someone who has spent years reviewing and prioritizing bug bounty program submissions approaches the task. In this talk, discover how to craft reports that stand out, ensuring your findings are presented for maximum impact and value. Discover the most common pitfalls to avoid, tips on how to structure your reports for clarity and precision, and hear highlights of the key elements triagers focus on to determine the severity and validity of vulnerabilities.

10:15 am
Tabletop Exercises: The Fun Kind
Registration Level: Open Sessions
10:15 am - 11:00 am
Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!
This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.
11:00 am
Networking Break
Registration Level: Open Sessions
11:00 am - 11:10 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am
Tracking the Massive Changes to Privacy Laws in the U.S.
Registration Level: Conference Pass
11:10 am - 11:55 am
Session description to come.
11:10 am
Building Trusted Partnerships to Enable Secure Products
Registration Level: Conference Pass
11:10 am - 11:55 am
In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.
Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:
- Establishing trust in the supply chain
- Collaborative approaches to secure software development
- The role of transparency in building and maintaining trust
- Balancing intellectual property concerns with security needs
- Leveraging partnerships for more effective incident response
- Case studies of successful security-focused partnerships
11:10 am
Cyber Risk by the Numbers from a Cyber Insurance Perspective
Registration Level: Open Sessions
11:10 am - 11:55 am
You’ve experienced a cyber incident. Does cyber insurance really pay? What’s actually a recoverable expense? How can insurance help? And when the insurance does pay, how do you balance the amount of insurance with cybersecurity priorities? In this session, we’ll evaluate the data and dig into recent real-world examples of how cyber insurance pays claims, what’s covered, the role of insurance in incident preparation and response, and how organizations are using analytics in decision-making.
11:10 am
[Panel] The Quest for Cyber Resilience: Surviving the Unexpected
Registration Level: Open Sessions
11:10 am - 11:55 am
The quest for resilience is critical in the face of rising attacks, from ransomware to natural disasters. This panel will discuss how organizations can prepare for the worst, recover quickly, and learn from the past to ensure they are stronger for the battles ahead—turning every trial into a triumph in their cybersecurity story.
12:00 pm
[Lunch Keynote] Behavioral Profiling: Know Thine Enemy
Cyber Behavioral Profiler, FBI (Ret.) and Modus Cyberandi
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
Understanding your adversary is paramount. This keynote session delves into the dark arts of behavioral profiling, providing cybersecurity professionals with the tools to anticipate, analyze, and mitigate attacks. Learn how to:
- Profile Threat Actors: Identify the distinct behaviors, motivations, and tactics of different attacker groups, from script kiddies to sophisticated nation-state actors.
- Recognize Attack Patterns: Decipher the telltale signs of malicious activity by analyzing user behavior, network traffic, and system logs.
- Predict Future Attacks: Anticipate an attacker’s next move by understanding their goals, capabilities, and past behaviors.
- Strengthen Your Defenses: Develop proactive security measures and incident response strategies based on behavioral insights.
Cameron’s presentation is crucial for security analysts, incident responders, threat hunters, and anyone safeguarding digital assets.
12:00 pm
Advisory Council Roundtable Lunch (VIP / Invite Only)
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Moderated discussion for SecureWorld Advisory Council members. By invite only.
12:45 pm
Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm
Changing the Cultural Approach Toward Secure Code Development
Sr. Director, Cybersecurity, PCI Energy Solutions
Registration Level: Conference Pass
1:15 pm - 2:00 pm
The traditional approach of repetitive secure code development training and pitching security by design and default is not working: we continually run code scans and pen tests and still find code vulnerabilities caused by a lack of adherence to coding standards and best practices.
This session looks at changing the enterprise approach toward secure code development through effective motivation and alignment on rewarding secure code development practices within the annual evaluation and bonus structure.
1:15 pm
Tabletop Exercises in Your Pocket
Sr. Program Manager, MassCyberCenter
Resiliency Program Manager, MassCyberCenter
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Participate in the play-through of the CyberSecureDeck: Defend the Network Card Game, an interactive tabletop exercise card game, and learn how to identify, protect, respond, and recover from cyberattacks while creating a more cyber-aware culture. During the game, participants will be asked to assume a role in an organization impacted by a simulated cyberattack and discuss cyber incident response actions. Attendees will also be given a copy of the deck so they can facilitate simple tabletop exercises within their own organizations.
1:15 pm
Addressing the Cybersecurity Skill Shortage Internally and Externally
Registration Level: Open Sessions
1:15 pm - 2:00 pm
This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.
1:15 pm
[Panel] The Sorcerer’s Apprentice: Taming AI in Cybersecurity
Head of Trust and Security, Conveyor
Registration Level: Open Sessions
1:15 pm - 2:00 pm
AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.
2:00 pm
Networking Break
Registration Level: Open Sessions
2:00 pm - 2:10 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pm
Cognitive Computing in the New Age of AI
Registration Level: Conference Pass
2:10 pm - 2:55 pm
Session description to come.
2:10 pm
Integrating Transformative OT Cybersecurity Programs
Registration Level: Conference Pass
2:10 pm - 2:55 pm
Session description to come.
2:10 pm
Social Engineering: Training the Human Firewall
Registration Level: Open Sessions
2:10 pm - 2:55 pm
Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that tested a pool of users with three different phishing campaigns. Each successive campaign presents a phish that should be harder to spot than the previous one. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.
2:10 pm
Navigating Third-Party Risk and Vendor Resilience
Registration Level: Open Sessions
2:10 pm - 2:55 pm
In today’s dynamic cyber risk landscape, risk managers must stay informed and adapt their strategies accordingly. Recent global cyber events have had a profound impact on critical functions across multiple sectors, underscoring the gravity of cyber events. Risk managers also face complexities from trends like reliance on third parties and evolving data protection laws.
To successfully navigate these challenges, risk managers are tasked with learning from significant cyber events, implementing best practices for managing third-party cyber risk, and staying updated on privacy regulations. This session assists risk managers in effectively mitigating cyber risks and safeguarding their organizations by discussing strategies for managing third-party cyber risk and providing updates on privacy regulations.
3:00 pm
Networking Break and Dash for Prizes
Registration Level: Open Sessions
3:00 pm - 3:30 pm
Location / Room: Exhibitor Hall
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pm
[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 4
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.
Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.
This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impacts cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:
Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.
Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.
Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.
Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.
Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
3:45 pm
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- 11:11 Systems, Booth: 570
11:11 Systems is a managed infrastructure solutions provider that empowers customers to modernize, protect, and manage mission-critical applications and data, leveraging 11:11’s resilient cloud platform.
- AccessIT Group, Booth: TBD
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- AppOmni, Booth: 300
AppOmni SaaS security helps security and IT teams protect and monitor their entire SaaS environment, from each vendor to every end-user.
- Bitdefender, Booth: 350
Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.
From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
- Conveyor Inc., Booth: 280
Conveyor is the leading generative AI-powered platform that automates and scales the most tedious part of the sales process: customer security reviews. Trusted by the world’s top SaaS companies, Conveyor helps vendors build trust with customers while reducing the time spent on the mind-numbing task of sharing security information and answering security questionnaires by over 90%. Through the combination of its automated security questionnaire completion software and its trust portal, which allows documents and security information to be shared easily and securely, Conveyor ultimately helps vendors close sales faster. Conveyor’s lean team has deep and extensive collective experience in security and compliance.
- Delinea, Booth: 135
Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies.
- Envision Technology Advisors, Booth: 278
Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.
- InfraGard Boston, Booth: 295
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
- ISACA New England Chapter, Booth: 105
The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).
The primary objective of the New England Chapter is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.
- ISC2 Eastern Massachusetts, Booth: 220
Advancing Information Security One Community at a Time
As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. ISC2 Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!
- ISC2 Maine Chapter, Booth: 220
The ISC2 Maine Chapter is a professional association authorized by ISC2, the World’s Leading Cybersecurity Professional Organization, created by ISC2 members and information security professionals living and working in Maine.
The ISC2 Maine Chapter is dedicated to providing education and regular meetings to help information security professionals in Maine. Our chapter benefits from a diverse membership that works in various organizations across important sectors such as healthcare, financial services, national defense, government, service providers, and many more.
- ISC2 Rhode Island, Booth: 159
The ISC2 Rhode Island Chapter is a professional association authorized by ISC2, the World’s Leading Cybersecurity Professional Organization, created by ISC2 members and information security professionals living and working in Rhode Island.
Our mission is to help further the profession and understanding of information security by providing professional growth to ISC2 members in Rhode Island in the form of educational presentations, live networking opportunities, and mentorship from our community of information security professionals and enthusiasts.
- ISSA New England, Booth: 440
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.
Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.
Visit the National Headquarters’ website at www.issa.org.
- K Logix, Booth: 640
K logix is the leading information security company. We provide security consulting, technology solutions, and integration services to enterprise companies. Our experienced team and our established process help enterprise customers make confident security decisions that impact their business goals.
- KnowBe4, Booth: 100
We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space.
KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.
Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.
- LightBeam.ai, Booth: 125
LightBeam.ai, the zero trust data protection pioneer, converges and simplifies data security, privacy, and AI governance, so businesses can accelerate their growth in new markets with speed and confidence. Leveraging generative AI as a foundational technology, LightBeam ties together sensitive data cataloging, control, and compliance across structured, unstructured, and semi-structured data applications providing 360-visibility, risk remediation, and compliance with PCI, GLBA, GDPR, HIPAA among other regulations. Continuous monitoring with full data residency ensures ultimate zero-trust data protection. LightBeam is on a mission to create a secure privacy-first world.
- National Cybersecurity Alliance, Booth: TBD
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- New England Cyber Fraud Task Force (NECFTF), Booth: 295
The NECFTF is composed of officials from state and local law enforcement throughout Massachusetts, New Hampshire, Rhode Island, Vermont and Maine and is charged with preventing, detecting and mitigating complex cyber-crime threatening payment systems and critical infrastructure. The five task force officers represent the Concord Police Department, the Grafton County Sheriff’s Office, the Manchester Police Department and the Nashua Police Department.
- Pentera, Booth: 290
Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale.
Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited.
- Rapid7, Booth: 512
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- Securonix, Booth: TBD
Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.
- Silverfort, Booth: 315
Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.
- Tanium, Booth: 515
Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).
The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.
For more information, visit: https://www.tanium.com.
- ThreatLocker, Booth: 105
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- Veriti, Booth: 365
Veriti is a fast-growing security infrastructure innovator that helps organizations maximize their security posture while ensuring business uptime.
Integrated with the entire security stack, Veriti provides a consolidated management layer that continually and proactively monitors exposure to threats and provides actionable remediation paths for security gaps and high-risk vulnerabilities across the organization’s infrastructure and attack surface.
- Whistic, Booth: 612
Whistic is a leading provider of proactive vendor security and an innovator in changing the way that companies publish and evaluate security posture to build trust. Whistic is the single source of trust for both buyers and sellers, helping companies speed up the pace of business. The Whistic Trust Catalog® now contains nearly 15,000 company profiles that can be assessed on-demand, and notable customers include Airbnb, Okta, Betterment, Vonage, Qualtrics, and other world-leading brands within healthcare, manufacturing, energy, and education.
- WiCyS Massachusetts Affiliate, Booth: 195
The Massachusetts WiCyS Affiliate offers mentoring, learning, networking and career development to professionals at all stages of their cybersecurity careers. Whether you are a student just considering a career in cybersecurity or an experienced leader in the cybersecurity workforce, WiCyS provides tangible benefits and a supportive community of all genders. Our affiliate provides an online community for mentorship, networking, and collaboration as well as local meetups, community awareness programs, and support for other organizations with a common mission to bridge the Cybersecurity workforce gap while addressing diversity and inclusion of women and minorities.
- Zluri, Booth: 285
Next-Gen Identity Governance & Administration platform for IT & Security teams to discover identities & applications, streamline access management, and automate access reviews in one single place.
- Larry Wilson, CISSP, CISA, Instructor: Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, Instructor: vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Lisa Plaggemier: Executive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Denis Goulet: CIO & Commissioner, Department of Information Technology, State of New Hampshire
- Gene Meltser: CISO, State of Connecticut
- Ken Weeks: CISO, State of New Hampshire
Ken Weeks is the Chief Information Security Officer for the State of New Hampshire. He spent most of his adult life as a Naval Officer, Special Duty, Cryptology and Information Warfare, and retired as a CAPT (O6). Although most of his time was spent in the Pacific Theater, he also enjoyed several all-inclusive trips to Somalia, Iraq, and Afghanistan. After the Navy, he worked as an Executive Leader of Cyber Operations at the National Security Agency (NSA). Ken spent a couple years in the private sector as a Consultant with Booz Allen Hamilton and then moved to New Hampshire and back into public service. Since he always works in rooms with no windows and under artificial lights, he spends the rest of his time as an avid four seasons outdoor sportsman with his spouse, teenagers and two Irish Wolfhounds.
- Scott Margolis: CISO, Massachusetts Bay Transportation Authority (MBTA)
Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
- Thomas Pore: Director, Solutions Engineering, Pentera
Thomas Pore is the Director of Product Marketing at Pentera. He is a network security expert with a 20-year background utilizing NetFlow and packets for network detection & response (NDR), encrypted traffic analysis, ethical hacking, and incident response. His expertise is rooted in diverse experience with product marketing, product management, R&D, solution engineering, and incident response training. Thomas has led incident response training worldwide and has successfully uncovered the underpinnings of intricate infiltrations and advanced persistent threats. He has developed unparalleled insights through his hands-on experience in crisis response and live ransomware situations, becoming an advocate of better-protecting organizations through security control validation.
- Roger A. Grimes, Moderator, Data-Driven Defense Evangelist, KnowBe4
Roger A. Grimes is a Data-Driven Defense Evangelist at KnowBe4. He is a 35-year-plus computer security professional, author of 14 books and over 1,400 national magazine articles. He frequently consults with the world’s largest and smallest companies, and militaries, and he has seen what does and doesn’t work. He is the author of the Ransomware Protection Playbook (Wiley).
Grimes was previously a weekly security columnist for InfoWorld and CSO magazines from 2005–2019. He regularly presents at national computer security conferences, and has been interviewed by national magazines and radio shows, including Newsweek magazine and NPR’s “All Things Considered.” Roger is known for his often contrarian, fact-filled viewpoints.
- Panel Discussion
- Konnor Andersen, Vice President, Sales, Zluri
Konnor is the Vice President of Worldwide Sales & Partnerships at Zluri, an identity security platform helping IT and security teams manage and secure SaaS applications. With nearly a decade in tech sales and leadership—from early-stage startups to $10B+ public companies—he brings extensive experience in scaling teams and driving growth. Konnor is passionate about building high-performing teams and shares insights on leadership and team building in today’s dynamic workplace.
- Happy Hour
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, Instructor, vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Bill Bowman, Operating Partner | CISO, Welsh, Carson, Anderson & Stowe
Bill Bowman built the information security programs as the initial cybersecurity leader at Bright Horizons, Houghton Mifflin Harcourt, Eze Software, ZoomInfo, and Emburse. With over two decades of experience creating cybersecurity programs that meet rigorous certifications such as PCI, ISO 27001, ISO 27701, SOC 1, and SOC 2, he has consistently satisfied both client demands and regulatory requirements.
Bowman is passionate about data privacy, having established the Office of the Data Protection Officer at two organizations. His leadership has also contributed to the success of four companies that have exited private equity. Over the past 14 years, he has cultivated a strong network of security leaders, following his role as the founding President of the ISC2 Eastern Massachusetts chapter.
- Panel Discussion
- Cameron H. Malin, Cyber Behavioral Profiler, FBI (Ret.) and Modus Cyberandi
Cameron Malin, JD, CISSP, is the founder of Modus Cyberandi, a bespoke Cyber Behavioral Profiling consultancy specializing in the assessment of cyber threat actor decision making, adversary tradecraft, cyber deception, and cognitive vulnerabilities. As a retired Behavioral Profiler with the Federal Bureau of Investigation (FBI), he has more than 22 years of experience investigating, analyzing, and profiling cyber adversaries across the spectrum of criminal to national security attacks.
During his tenure in the FBI, he was the founder of both the FBI Behavioral Analysis Unit's (BAU) Cyber Behavioral Analysis Center (CBAC), the FBI BAU's methodology and application of science-based behavioral profiling and assessment to national security and criminal cyber offenders—and the BAU’s Deception and Influence Group (DIG), a uniquely trained and experienced cadre of Behavioral Profilers specialized in analyses and countermeasures to adversary cyber deception campaigns and influence operations.
He is a co-author of the authoritative cyber deception book, "Deception in the Digital Age: Exploiting and Defending Human Targets Through Computer-Mediated Communications" (published by Academic Press, an imprint of Elsevier, Inc.), and co-author of the Malware Forensics book series: "Malware Forensics: Investigating and Analyzing Malicious Code," "Malware Forensics Field Guide for Windows Systems," and "Malware Forensics Field Guide for Linux Systems" (all published by Syngress, an imprint of Elsevier, Inc.).
- Peter Samoray, Sr. Director, Cybersecurity, PCI Energy Solutions
Peter Samoray serves as a Senior Director of Cybersecurity at PCI Energy Solutions overseeing all aspects of strategic and operational security services. Peter comes from a very diverse security background with over 18 years of cybersecurity and technology experience across multiple industry sectors serving in various areas including operations, development, architecture, incident response, red/blue teams, and governance, risk & compliance roles. Peter has also served as a Data Protection Officer (DPO) at Relic Law PLLC for the last four years advising on cybersecurity and data privacy regulations to multiple clients.
Peter holds a Master’s Degree in Computer Information Systems from the University of Detroit Mercy, a Bachelor of Arts from Wayne State University, and a Certificate in Change Leadership from Cornell University. Peter has certifications for CISSP, CISM, CRISC, CISA, CIPP/US, CIPP/EU, and PMP.
- Max Fathy, Sr. Program Manager, MassCyberCenter
Max Fathy is responsible for supporting the MassCyberCenter’s workforce development efforts, including the Commonwealth Security Operations Center and Cyber Range Initiatives, the Cybersecurity Mentorship Program, and the Cybersecurity Training and Education Working Group, and building stronger relationships with the private sector cybersecurity community. Prior to joining the MassCyberCenter, Max worked as a Manager of Government Relations and Public Policy for ML Strategies, where he advised private sector companies across a range of industries on state and local public policy in Massachusetts. Max holds a Master of Arts in Law and Diplomacy with a focus on International Security and Technology Policy from the Fletcher School of Law and Diplomacy at Tufts University. During his studies at Fletcher, he served as a Rosenthal Fellow in the Office of the Under Secretary of Defense for Policy in the United States Department of Defense. He also received his B.A. in International Relations from Tufts.
- Meg Speranza, Resiliency Program Manager, MassCyberCenter
Meg Speranza is responsible for improving the collaboration, transparency, and effectiveness of the Massachusetts cybersecurity ecosystem in order to foster ‘cyber resiliency’ across the Commonwealth of Massachusetts’ key institutions and systems, including municipalities, businesses, critical infrastructure, and non-profit organizations. Prior to joining the MassCyberCenter, Meg had a successful 25-year business career working for several global high-tech companies, owning and operating a small retail business, and overseeing educational fundraising before pursuing a career in cybersecurity. Meg holds a Master’s degree in Cybersecurity Policy and Governance from Boston College and a Bachelor of Science in Business Management from Babson College.
- Panel Discussion
- Joe Veroneau, Head of Trust and Security, Conveyor
Joe is a risk management professional with experience across many security, risk and compliance domains. Past roles include advising on GRC software implementations at highly regulated customers and supporting data protection efforts at Aptible, a HITRUST Certified Platform-as-a-Service. Joe currently leads the Trust & Security function at Conveyor, an AI agent company automating the customer security review process, and he regularly participates in and presents at regional and national ISACA events.