- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, June 5, 20249:00 am[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0vCISO, Cyber Risk Opportunities LLCRegistration Level:
- SecureWorld Plus
9:00 am - 3:00 pmLocation / Room: 25Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- Thursday, June 6, 20247:30 amRegistration openRegistration Level:
- Open Sessions
7:30 am - 4:15 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amRisk Management in the Age of AICTO, Cook County Clerk's OfficeRegistration Level:- Open Sessions
8:00 am - 8:45 amLocation / Room: 27This session is a combination of presentation with interactive dialogue to examine how AI affects the risk management practices of organizations. Be ready to discuss different aspects of AI vulnerability including model drift, “hallucinations,” and privacy concerns of using public LLM models versus private internal LLM models. It covers the differences between generative AI and analytical AI using examples of use cases for each. Attendees are encouraged to bring their own examples of either planned or implemented solutions to showcase how various risk factors were identified and mitigated.
Key take-away:
The audience will come away with a better understanding of the added complexity of risk management resulting from the introduction of AI into business operations.8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)The Surprising List of CISO Top ConcernsVP, Information Security / CISO, TAG - The Aspen GroupRegistration Level:- VIP / Exclusive
8:00 am - 8:45 amLocation / Room: 30Taking a cross-section of recent surveys (ISC2 , Dark Reading, PwC), arguably the top CISO concerns—not “priorities” but “concerns”—are third-party security risks, data manipulation, and burnout. Together, these represent the true CISO-level risks, compared to what’s in the news on a daily basis: AI, ransomware, supply chain and insider risks, cyber warfare, nation-state actors, etc. In this private, closed-door discussion, we challenge whether these three concerns are a correct and complete list, and discuss how/why they differ from those other top CISO priorities. The goal is to walk away with a new-look “to-do list” for your job versus the one with which you walked in.
This roundtable discussion is for our Advisory Council members only.
8:45 amNetworking BreakRegistration Level:- Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] Cyber Behavioral Profiling: Assessing Cyber Threat ActorsCyber Behavioral Profiler, FBI (Ret.) and Modus CyberandiRegistration Level:- Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterThis keynote introduces participants to the innovative Pathway to Cyber Attack™ model, designed to assess the distinct steps and behaviors that cyber threat actors engage in leading up to their execution of a cyber attack. Cameron Malin provides a unique window into cyber behavioral profiling—the application of traditional criminal behavioral profiling to cyber adversaries. Learn how to map the trajectory of potential cyber threats and consider mitigation strategies based on human behavior.Malin covers how to:-
Understand Cyber Threat Actor Behaviors: Learn the psychological and technical factors along attackers’ Pathway to Cyber Attack™.
-
Utilize the Pathway to Cyber Attack™ Model: Gain proficiency in applying this model to analyze the sequence of cyber threat actor decisions and actions leading up to a cyber attack.
-
Understand the value of augmenting Cyber Threat Intelligence with Behavioral Threat Intelligence: Learn how understanding cyber adversary behavior enhances the richness of cyber threat intelligence.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 amThe Drama of AI Responsibility: Where Do You Fit In?CISO & CPO, University of Illinois at ChicagoRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: 27In this presentation, attendees will learn about where AI responsibilities should reside and who gets to make the decision on who is responsible for AI. We will explore various AI responsibility use cases, what determinants drive the adoption of AI, and understand if AI is just another function or if it is a philosophical debate. Furthermore, we will discuss who should be responsible when AI misbehaves and if a governance framework with special attention to AI ethical concerns may prevent unintended biases and algorithmic drift in AI models.
10:15 amAugment Mitigation Design with Generative AIvCISO, Cyber Risk Opportunities LLCRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: 26We recently tested this thesis: We can use generative artificial intelligence with a freely available large language model to assist a cybersecurity analyst with creating mitigations, which will be higher quality and require less time to specify than without AI augmentation. In this session, I’ll describe how we tested this thesis, the results, and what we decided to do.
10:15 amAre You in a Dysfunctional Relationship with the HR Department?Executive Director, National Cybersecurity AllianceRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: 25When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.
For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?
This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.
11:00 amNetworking BreakRegistration Level:- Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 amSocial Engineering: Training the Human FirewallTeam Leader of Information Security, GarminRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: 25Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.
11:10 amDeepfakes: The New Frontier in Cybersecurity or Just Hype?VP & CISO, DeVry UniversityRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: 26Deepfakes leverage AI and machine learning to create hyper-realistic fake videos, images, and audio that can deceive even the most discerning eye and ear.
Imagine a scenario where a convincingly real video of your CEO announcing a major policy shift goes viral, but it’s all a hoax created by deepfake technology. Or consider the implications of a deepfake voice phishing attack on your financial department. These are not just hypotheticals, but real threats that enterprises must prepare for.
As we move forward, understanding the potential risks and developing strategies to detect and combat deepfakes will be crucial for maintaining trust, integrity, and security in the digital landscape. Let’s dive in and discuss whether this is just fodder for celebrities or if enterprise organizations need to be prepared, as well.
11:10 am[Panel] Unveiling the Threat Landscape and Unmasking Digital VillainsPrincipal Solutions Architect, LaceworkPublic Sector CTO, LookoutCISO, Contrast SecurityCo-Founder & CEO, Zafran SecurityPrincipal Security Architect, Cummins Inc.Registration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: 27In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.
Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.
Our panel provides a comprehensive overview of the current threat landscape.
12:00 pm[Lunch Keynote] Fast-Track Funding of Your Cyber Initiatives by Focusing on Cyber ResilienceGlobal CISO, Ingredion IncorporatedRegistration Level:- Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterCyber resilience has increased in priority as technology reliance deepens and cyberattacks become more sophisticated. Cyber leaders spend countless hours trying to bolster their cyber strategy and constantly hit hurdles when it comes to funding those initiatives. This session will delve into what cyber resilience really means and explore practical approaches to leverage resilience to accelerate funding.
12:00 pmAdvisory Council Lunch Roundtable (VIP / Invite Only)Breaches: Accepting the Risk of When Not IfVP & Chief Security Officer, Claro HealthcareRegistration Level:- VIP / Exclusive
12:00 pm - 12:45 pmLocation / Room: 30CISOs are surrounded by risk and charged with minimizing it as much as possible. Join this closed-door session for Advisory Council members and invited guests to discuss:
- How do you deal with the risk?
- What considerations do you take into account?
- What do you tell management?
- What support do you need or expect from them?
12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmGovern All the Things!IT Governance Manager, Mutual of OmahaRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: 26What is governance? We talk about it all the time, but if someone asked you what governance really means, what it does, and why it’s important, what would you say?
In this session, we’re going to break down some of the basics of IT governance and why it’s important for the entire organization, not just in information security. We’ll also discuss how governance intersects with risk and compliance, along with actionable advice on maturing governance practices within your organization.
1:15 pmSafeguarding Your Organization's Digital Presence Against Advanced Cyber ThreatsTEDx and Cybersecurity Technology SpeakerRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: 25As guardians of your organization’s cybersecurity strategy, the responsibility to fortify social media accounts and websites against evolving cyber threats rests squarely on the shoulders of cybersecurity leaders. Join us for an exclusive session designed to equip you with the insights and strategies necessary to secure digital platforms effectively.1:15 pm[Panel] Elevating Security Through Threat Intelligence, Cloud Resilience, and AI InnovationsPrincipal Security Consultant - Hybrid Cloud, StratascaleSr. Director, Global Security Specialists, ElasticCo-Founder & CPO, VeritiManager, Solutions Engineering, SnykVP & Chief Security Officer, Zebra TechnologiesRegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: 27Join us for an informative panel that delves into the strategic integration of threat intelligence, cloud resilience, and AI innovations, revealing the untold stories of unsung heroes in cybersecurity.
Discover how to optimize digital defenses and learn approaches to elevate your security leadership and your security posture. Don’t miss this opportunity to gain actionable knowledge that will empower you to stay ahead of the cybersecurity curve.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pmGrowing a Security Champions Program into a Security PowerhousePrinciple Technical Security Engineer, YahooRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: 27Get ready to discover the transformative power of a security champion program called “Deputy Paranoids,” adopted by Yahoo to safeguard its sensitive information. Initially started by a small group of passionate security engineers, this program has evolved into a company-wide powerhouse that uses sound methodology and empirical science to produce data-driven results.
The program’s success has been nothing short of remarkable. Engineers who participate in it have become known as security influencers, deeply embedded within their teams and aligned with Yahoo’s collaborative culture. These influencers have fostered trust and ownership across the organization by engaging the security team early in the development stage, using security tools, and remitting issues.
But the program’s real strength lies in its ability to adapt, evolve, and weather the storms of change, much like a giant redwood tree. The data-driven results of the “Deputy Paranoids” program serve as a testament to the power of aligning with nature’s wisdom, positively impacting the organization’s security landscape.
2:10 pmHow to Protect Yourself as a Security LeaderSr. Attorney, Clark Hill PLCRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: 26Given the prosecution of Joe Sullivan (former CSO of Uber) and the charges against Timothy Brown (former CISO of SolarWinds), what steps can a CISO or other security leader take to protect him or herself? Are there lessons to be learned from these cases, or do they herald an “open season” on security leaders? Do the new SEC incident reporting requirements help or hurt security leaders and personal liability moving forward? What are reasonable best practices that can be applied during the incident response process that can limit your personal liability?
Key take-away:
How do I as a security leader limit my legal exposure during the incident response process?2:10 pmIlluminating the Dark Risk Universe: A New Frontier in Third-Party SecuritySr. Strategic Advisor & vCISO, Sentinel TechnologiesRegistration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: 25The modern enterprise exists within a vast cosmos of interconnected third-party relationships—suppliers, vendors, partners, and more. Yet this indispensable ecosystem also represents a rapidly expanding attack surface rife with often unaddressed cyber risks. Far too many organizations still rely on checklist security assessments providing only a fragmented snapshot-in-time of third-party risk posture. This illuminating session sheds light on the dark universe of third-party security threats lurking beyond the corporate perimeter. Get ready to:
- Explore the real-world cyber risk impacts of complex, opaque supply chain relationships through analysis of recent high-profile breaches.
- Gain insights into emerging AI/ML techniques for continuously monitoring third parties at scale across public, deep/dark web sources.
- Learn a novel risk quantification framework for performing objective criticality assessments of all third-party partners.
- Understand key regulatory trends around third-party cyber risk governance, including SEC-proposed rules.
3:00 pmNetworking Break and Dash for PrizesRegistration Level:- Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:00 pmHappy HourRegistration Level:- Open Sessions
3:00 pm - 3:45 pmLocation / Room: Exhibitor HallJoin your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.
3:30 pm[Closing Keynote] Why the Business Still Believes CISOs and Their Teams Are Too TechieCISO, The Kraft Heinz CompanyCISO, JBT CorporationVP & Chief Security Officer, Zebra TechnologiesExecutive Director, National Cybersecurity AllianceRegistration Level:- Open Sessions
3:30 pm - 4:15 pmLocation / Room: Keynote TheaterDespite the increasing prominence of cybersecurity in today’s business landscape, many organizations still struggle to bridge the gap between their security teams and the broader enterprise. CISOs and their teams are often perceived as too “techie”—speaking in jargon and failing to effectively communicate risk in business terms that resonate with executive leadership and stakeholders across the company.
In this insightful session, our panel of seasoned cybersecurity leaders explore the root causes behind this persistent divide and its detrimental impact on an organization’s ability to manage cyber risk holistically. They examine:
- The “language barrier” between security and business professionals
- Cultural differences and misaligned incentives between IT and business units
- Lack of business acumen and leadership skills in traditional security roles
- Challenges in quantifying and translating cyber risk into financial/operational impacts
- Overemphasis on technical controls at the expense of business context
- AccessIT Group + Check PointBooth: 320
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Arctic Wolf NetworksBooth: 350
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- AxoniusBooth: 150
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- Contrast SecurityBooth: 240
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
- ElasticsearchBooth: 340
At Elastic, we help organizations, their employees, and their customers accelerate the results that matter.
With solutions in Enterprise Search, Observability, and Security, we help enhance customer and employee search experiences, keep mission-critical applications running smoothly, and protect against cyber threats. Delivered wherever data lives, in one cloud, across many clouds, or on-prem, Elastic enables more than 50% of the Fortune 500, and 17,000+ customers including Netflix, Uber, Slack, and Microsoft, to achieve new levels of success at scale and on a single platform. Learn more at elastic.co.
- InfraGard ChicagoBooth: 370
All InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these critical infrastructures is an important element for successful infrastructure protection efforts. This chapter is governed by our local bylaws.
The goal of InfraGard is to enable the flow of information so that the owners and operators of infrastructure assets can better protect themselves and so that the United States government can better discharge its law enforcement and national security responsibilities.
- ISACA Chicago ChapterBooth: 110
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Chicago area.
Chapter meetings are generally held the third Thursday of each month at The Conference Center at One North Wacker (1 N. Wacker Drive, 2nd Floor, Chicago, Illinois 60606)
Please check our web site from time to time for the most up-to-date listing of chapter related events and training opportunities.
- ISSA Chicago ChapterBooth: 360
The Chicago Chapter of the Information Systems Security Association (ISSA) has a mission to offer a stimulating combination of discussion forums, hands-on learning, CISSP certification training, conferences, and other events which are designed to enhance understanding and awareness of information security issues for information security professionals.
Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.
- KeystrikeBooth: 140
Keystrike secures remote connections. Our technology ensures that commands made by an employee were _physically_ made on their computer, rather than by a remote attacker. Our patented technology traps even the most sophisticated attackers on a workstation without letting them advance their goals. Let us know if you’d like a demo!
- LaceworkBooth: 275
Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.
- LookoutBooth: 230
Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.
- National Cybersecurity AllianceBooth: 130
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- Rapid7Booth: 310
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- Robert HalfBooth: 100
Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.
- SnykBooth: 210
Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.
- StratascaleBooth: 170
As a digital and cyber security services company, Stratascale exists to help the Fortune 1000 transform the way they use technology to advance the business, generate revenue, and respond quickly to market demands. Our purpose is to help clients realize their vision and create value, faster. We call it Digital Agility.
From attack surface control to modern vulnerability management, stop by our booth to see how we’re shaping the future of digital business and a more secure world.
- SynopsysBooth: 300
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- SyxsenseBooth: 250
Syxsense is the world’s first software vendor providing cloud-based, automated endpoint and vulnerability management solutions that streamline IT and security operations. With our advanced platform, businesses gain complete visibility and control over their infrastructure, reducing IT risks and optimizing operational efficiency. Our real-time alerts, risk-based vulnerability prioritization, pre-built remediations, and intuitive automation and orchestration engine enable organizations to focus on their core business goals—confident in the knowledge that their enterprise is secure, compliant, and running smoothly. Rely on Syxsense to safeguard your IT infrastructure, so you can concentrate on what you do best—driving your business forward.
- TevoraBooth: 160
Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.
- ThreatLockerBooth: 270
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- TinesBooth: 390
Founded in 2018 in Dublin by experienced security engineers, Tines makes enterprise automation simple.
Security and operations teams are too often stuck doing manual, repetitive tasks, and we want to change that. Tines is an automation platform designed to allow anyone to automate any manual task, regardless of complexity. No apps, plugins, or custom code required.
With 1,000+ template options for common security actions, Tines is power and simplicity through direct integration with your existing tools.
- VeritiBooth: 330
Veriti is a fast-growing security infrastructure innovator that helps organizations maximize their security posture while ensuring business uptime.
Integrated with the entire security stack, Veriti provides a consolidated management layer that continually and proactively monitors exposure to threats and provides actionable remediation paths for security gaps and high-risk vulnerabilities across the organization’s infrastructure and attack surface.
- Zafran SecurityBooth: 260
Zafran optimizes your existing security controls to automatically reveal and mitigate risk exposure beyond legacy patching.
- WiCyS Chicago AffiliateBooth: 220
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Kevin McDermottCTO, Cook County Clerk's Office
Mr. McDermott has more than 35 years of management and consulting experience in the IT field, with broad background in government, banking, and financial services, as well as experience in healthcare, higher education, the convention and trade show industry, and the not-for-profit world. Mr. McDermott holds an MBA degree from the University of California, Berkeley, and a BA from Northwestern University.
- Gary Patterson, ModeratorVP, Information Security / CISO, TAG - The Aspen Group
- Cameron H. MalinCyber Behavioral Profiler, FBI (Ret.) and Modus Cyberandi
Cameron Malin, JD, CISSP, is the founder of Modus Cyberandi, a bespoke Cyber Behavioral Profiling consultancy specializing in the assessment of cyber threat actor decision making, adversary tradecraft, cyber deception, and cognitive vulnerabilities. As a retired Behavioral Profiler with the Federal Bureau of Investigation (FBI), he has more than 22 years of experience investigating, analyzing, and profiling cyber adversaries across the spectrum of criminal to national security attacks.
During his tenure in the FBI, he was the founder of both the FBI Behavioral Analysis Unit's (BAU) Cyber Behavioral Analysis Center (CBAC), the FBI BAU's methodology and application of science-based behavioral profiling and assessment to national security and criminal cyber offenders—and the BAU’s Deception and Influence Group (DIG), a uniquely trained and experienced cadre of Behavioral Profilers specialized in analyses and countermeasures to adversary cyber deception campaigns and influence operations.
He is a co-author of the authoritative cyber deception book, "Deception in the Digital Age: Exploiting and Defending Human Targets Through Computer-Mediated Communications" (published by Academic Press, an imprint of Elsevier, Inc.), and co-author of the Malware Forensics book series: "Malware Forensics: Investigating and Analyzing Malicious Code," "Malware Forensics Field Guide for Windows Systems," and "Malware
Forensics Field Guide for Linux Systems" (all published by Syngress, an imprint of Elsevier, Inc.). - Shefali MookencherryCISO & CPO, University of Illinois at Chicago
Shefali is a seasoned professional with expertise in information security, privacy, higher education, HIPAA, research, healthcare policy and strategy, promoting Interoperability (PI), and compliance. With 20+ years of cybersecurity, privacy, and higher education experience—including 30+ years of healthcare experience. She is acknowledged as a cybersecurity and privacy subject matter expert (SME) and highly sought after for thought leadership opportunities. Shefali also has a keen interest in the adoption of innovative technology and provides leadership, consultation, coordination, and integration of information processes with enterprise-wide information technology and information security and privacy strategies.
- Kip BoylevCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Lisa PlaggemierExecutive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Reanna SchultzTeam Leader of Information Security, Garmin
Reanna Schultz is from Kansas City, MO, and attended the University of Central Missouri (UCM). She graduated in 2018 with her Bachelor of Science in Cybersecurity: Secure Software Development and in 2020 for Master of Science in Cybersecurity: Information Assurance. While being in the industry, Reanna has been exposed to numerous SANS hosted classes. Reanna volunteers as a National Cyber League coach and provides her industry expertise by doing guest speaker talks for numerous colleges and high schools across the Midwest to STEM students. Reanna currently works as a Team Lead at Garmin and directly reports out of their SOC.
- Dr. Fred KwongVP & CISO, DeVry University
Dr. Fred Kwong has been in the information security and technology field for the past 20 years in working in education, financial, telecommunication, healthcare, and insurance sectors. He is an award-winning thought leader in security and currently works at DeVry University where he currently serves as the VP and Chief Information Security Officer. He is a member of several advisory boards and is a frequent speaker at national security forums on cyber security and information technology and is often asked to consult on matters of security and leadership
Fred also serves as an adjunct faculty member at Roosevelt and Benedictine Universities. He received his Bachelor of Arts in psychology and professional communications, Master of Business Administration in management information systems from Roosevelt University, and holds his Doctorate in organization development from Benedictine University. Fred has earned several certifications including the CISSP, CISA, CISM, CDPE, PCIP, PMP and ITILv3f.
- Carlos BacquetPrincipal Solutions Architect, Lacework
Carlos Bacquet is a Principal Solutions Architect at Lacework where he solves Cloud Security problems for enterprise customers in the Toronto region. Before joining Lacework Carlos spent the last 15 years working on network management and security applications in the Telecommunications, Cable and Streaming Media industries. Carlos holds a Bachelor of Computer Science and a Master in Computer Science with focus on machine Learning applied to Security applications. His areas of expertise include Kubernetes security and machine learning security applications applied to cloud infrastructure.
- Jim CoylePublic Sector CTO, Lookout
Jim Coyle is the U.S. public sector CTO at Lookout Security, utilizing his 20+ years of knowledge and expertise to help close the security gap many government agencies and organizations face today. A cybersecurity industry thought leader exploring geo-political cyber related issues, the latest threats and defense strategies, as well as industry trends providing insights through his career. Jim is currently responsible for leading the charge to redesign and revolutionize cybersecurity programs of customers to battle today's threats.
- David LindnerCISO, Contrast Security
David Lindner is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, and application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.
- Sankarasubramaniam Chockalingam, ModeratorPrincipal Security Architect, Cummins Inc.
- Kenneth TownsendGlobal CISO, Ingredion Incorporated
Kenneth Townsend is a proven results-oriented CISO with a successful track record of delivering business value by leveraging technology and leading transformational cybersecurity strategies. Kenneth’s understanding of the digital technology stack across the enterprise and cyber risk management has allowed him to successfully operate in a variety of industries and become a highly respected leader in Financial Services, Retail, Healthcare, and Manufacturing.
As the Global CISO for Ingredion, Kenneth is responsible for establishing and executing a cyber strategy to manage risk across the corporate and manufacturing environments. He brings a deep understanding of cybersecurity threats, regulations, and best practices to the role to build a strong security culture. Beyond his core responsibilities, Kenneth is a dedicated thought leader in the cybersecurity community. He is a cyber product advisor, active speaker at various industry events, and volunteers time to support and mentor youth in STEM fields.
- Tony Beaird, ModeratorVP & Chief Security Officer, Claro Healthcare
- Nick MullenIT Governance Manager, Mutual of Omaha
Nick Mullen is a passionate technology leader that views information security as a genuinely noble cause. Over the last decade and change, he has been helping all sorts of teams deliver all sorts of solutions of all shapes and size, mostly in the GRC space. Today his primary focus is building and leading the IT Governance program at Mutual of Omaha.
- Stephen ChristiansenPrincipal Security Consultant - Hybrid Cloud, Stratascale
Stephen Christiansen is a Principal Security Consultant at Stratascale, with an emphasis on Security for Data and AI. Stephen has over 20 years of technical, consulting, and managerial success working with Fortune 100 companies in areas such as hybrid & multi-cloud strategy, zero trust architecture and methodologies, and architectural design, with an exceptional track record of assessing complex IT environments and designing transformational solutions for data center and cloud.
Prior to joining Stratascale in 2022, Stephen spent time as a VP of IT, CTO, Enterprise Architect, and Strategy Advisor for several global corporations and consulting firms, across diverse industries such as real estate, retail, manufacturing, financial services, technology, and healthcare.
He is a successful IT strategist at the forefront of digital security transformation in large enterprise environments.
- Lisa Jones-HuffSr. Director, Global Security Specialists, Elastic
Lisa Jones Huff is a seasoned cybersecurity expert with over two decades of experience in the field. As the Senior Director of Global Security Specialists, SA Team at Elastic, she brings a wealth of knowledge and a consultative approach to the table.
Lisa's passion lies in helping organizations identify and tackle their ongoing security challenges by leveraging their existing technology investments. She takes the time to engage with customers, working closely to provide them with invaluable insights into their security landscape.
Her primary focus is on providing Enterprise Visibility, by shedding light on threats that may be targeting entities within organizations. By doing so, Lisa empowers her clients with the critical information they need to make informed decisions regarding potential cyber threats that may be lurking within their environment.
Over her illustrious career, Lisa has collaborated with some of the largest and most prominent organizations in the world, aiding them in staying one step ahead of targeted cyber threats. Her dedication to the cybersecurity field has solidified her reputation as a trusted expert in safeguarding digital assets and mitigating security risks.
Lisa is a trailblazer in the cybersecurity realm, committed to fortifying organizations against the ever-evolving landscape of cyber threats. With her deep expertise and consultative approach, she continues to make invaluable contributions to the realm of digital security.
- Oren KorenCo-Founder & CPO, Veriti
Oren Koren is the Co-Founder and Chief Product Officer of Veriti. Oren brings 19 years of experience in cybersecurity, advanced threat analysis, and product management,. Prior to founding Veriti, Oren was a Senior Product Manager at Check Point Software Technologies, where he led AI-based innovations and advanced data analytics projects redefining threat hunting and SIEM applications. Before Check Point, Oren served for 14 years at the prestigious 8200 unit and was responsible for different cybersecurity activities and research. Oren won the Israeli Security Award and 3 MOD awards for cutting-edge innovations in cyber security.
- Heather MengarelliManager, Solutions Engineering, Snyk
Heather Mengarelli is a Manager of Solutions Engineering at Snyk, with more than 20 years of experience. Heather is a dedicated and client-focused professional who enjoys helping enterprise clients solve complex use cases in the area of DevSecOps, Web Security, and Web Performance. Her experience includes five years at Accenture as systems specialist and 9 years at Akamai Technologies on the Professional Services team supporting Akamai’s largest enterprise clients in the e-commerce and travel verticals.
- Mike Zachman, ModeratorVP & Chief Security Officer, Zebra Technologies
- Bonnie ViteriPrinciple Technical Security Engineer, Yahoo
Building security programs and devising simple solutions to complex problems is what I do. I didn't travel the traditional path into cyber, and I don't plan to conform now.
A behavioral psychologist at heart who is always watching and actively listening when everyone else is waiting to respond, paired with an M.S. in Criminology, makes me the ideal social engineer.
My first success was merging Yahoo and AOL security programs into a thriving, single-security culture through global psychological and behavioral change management techniques, specializing in human risk and designing programs to address it. Understanding what motivates developers and building solid relationships one conversation at a time, focusing on people, programs and processes lended to 98% global security adoption at Yahoo. Bridging the gap between developers and non-technical colleagues made me invaluable.
- Richard HalmSr. Attorney, Clark Hill PLC
Rick Halm guides clients in preparing for, responding to, recovering, and learning from cybersecurity and privacy incidents. Rick's breadth of experience within the incident response landscape—from leading incident response at the cyber insurance level, to experience at one of the nation’s largest health insurers, to his time in private practice—all blend together to allow him to approach cybersecurity and privacy incidents from a unique vantage point. As a U.S. Army veteran, he blends this vantage point with an ability to bring order and calm to complex and high-stress incidents.
- Arvin VermaSr. Strategic Advisor & vCISO, Sentinel Technologies
Arvin Verma is a highly motivated cybersecurity professional, with over 14 years of experience across a multitude of cyber and IT domains. He has worked in multiple industries spanning over 5 Fortune 500 companies and Big 4 consulting. He is currently a vCISO within the SMB segment.
In addition, Arvin proudly served in the US Navy Reserves as a Cryptologic Warfare Officer. He also serves as a research fellow with the Cybersecurity Forum Initiative where he has co-authored several research papers in new cyber trends and best practices.
Arvin holds several leadership positions with InfraGard Chicago and InfraGard National. He currently serves as the National Sector Chief for the Information Technology Sector, National Sector Security and Resilience Program of InfraGard National.He also serves as an advisor to several private and public entities, several startup organizations and is a guest lecturer at several universities across the State of Illinois.
Arvin is ISC2 CISSP certified, CompTIA Security+ certified, ISO 27001 Lead Auditor certified and a CMMC Registered Practitioner. - Happy Hour
- Ricardo LafosseCISO, The Kraft Heinz Company
Ricardo Lafosse is responsible for IT risk governance, software and product security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including Defcon, MirCon, and ISACA CACS. Lafosse has more than 15 years of experience in information security for the government, finance, legal, and healthcare. Lafosse holds a Master’s in Information Assurance from the Iowa State University. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.
- Elizabeth OguntiCISO, JBT Corporation
- Mike ZachmanVP & Chief Security Officer, Zebra Technologies
- Lisa Plaggemier, ModeratorExecutive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes