Thursday, August 13, 2020
8:00 am
Executive Roundtable [VIP invite only]
Discussion topic: NOW What Are You Including in Your Incident Response Plan?
VP & CISO, Provation Medical
Chief Security Officer & Technology Lead, Trexin Group
Registration Level: VIP / Exclusive
8:00 am - 8:45 am
This session is for Advisory Council members only.
The current global threat landscape has shifted dramatically in the past several months due to the COVID-19 pandemic. Security professionals are being tasked with keeping the company’s data safe with an influx of remote workers that we’ve never had to account for. Inevitably something is going to happen. An incident WILL arise. You may have had a great plan in the past, and you probably continuously tested it. But have you tested it now that the IT and InfoSec departments are separated and the employees are everywhere? In either case, it’s time to reevaluate your Incident Response plan to accommodate for this unprecedented shift.
8:30 am
Exhibitor Hall open
Registration Level: Open Sessions
8:30 am - 9:00 am
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:00 am
[Opening Keynote] Cybersecurity as a Key Element of Enterprise Risk Management
Risk Manager, Corporate Security, Zoom
Registration Level: Open Sessions
9:00 am - 9:45 am
With the increased complexity of cyber threats and lack of skilled professionals to address those threats, the risk and cost of cybercrime is increasing at a staggering rate. Since information technology systems provide the foundation for business operations, enterprise risk management (ERM) is an increasingly essential business strategy to proactively identify and address cybersecurity exposures. We will use a case study to discuss key ERM tactics to minimize the risk associated with cybersecurity incidents.
9:45 am
Networking Break
Registration Level: Open Sessions
9:45 am - 10:00 am
Location / Room: Exhibitor Floor
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:00 am
Security Awareness: Another Brick in the Wall
Americas Lead for Human Cyber Risk and Education, EY
Registration Level: Open Sessions
10:00 am - 10:30 am
Security awareness and training. The Human Element. Change Management. All of these have resulted in extraneous mandatory learning for employees, often without regard to a role- or risk-based education profile. Employees are experiencing learning fatigue at a rapid pace, without significant results on an organization’s overall risk profile. It’s time to stop educating and start engaging, for significant, measurable information security behavior change in your organization. This session will cover learning trends, opportunities for engagement, and examples you can implement immediately.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
10:00 am
Attack on Home Base: Cybercrime Tactics and Techniques
Sr. Sales Engineer, Malwarebytes
Registration Level: Open Sessions
10:00 am - 10:30 am
The coronavirus pandemic has left the world looking very different now than it did at the beginning of the year.
For starters, millions of workers are out of the office and working from their homes. This change in scenery, combined with safe social distancing efforts that help prevent the spread of COVID-19, has created a crisis for many, but an opportunity for some.
This special COVID-19 themed Cybercrime Tactics and Techniques report looks at the most prominently spread malware families taking advantage of this crisis, as well as other, related efforts we have observed by cybercriminals.
Key takeaways include answers to these questions:
• What are the most popular malware being spread through COVID-19 phishing attacks?
• What does a COVID-19 phishing attack look like?
• How has the coronavirus shifted attackers’ focus?
10:00 am
Leveraging the Three Lines of Defense to Improve Your Security Position
VP, Technology and Cybersecurity Audit & Advisory Services, Manulife
Registration Level: Open Sessions
10:00 am - 10:30 am
Depending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
Presentation Level: MANAGERIAL (security and business leaders)
10:30 am
Networking Break
Registration Level: Open Sessions
10:30 am - 10:45 am
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:45 am
Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!
Director, Information Security Education & Consulting, Harvard University
Registration Level: Open Sessions
10:45 am - 11:15 am
“Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust. Join this session to learn how you can:
• Embed security into your culture, technologies and processes
• Empower innovation and expedite time-to-market through consistent security risk governance
• Assess the impacts, goals and methods of likely cyber attacks and incidents
• Align IT and security professionals with business objectives and risk tolerance
• Prepare now for effective detection and response to reduce business impacts of incidents
Presentation Level: MANAGERIAL (security and business leaders)
10:45 am
[Panel] Identity and Access Management: Zero Trust for the Win?
Principal Security Architect, Okta
Field CTO (US) & Principal Sales Engineer, RSA
Registration Level: Open Sessions
10:45 am - 11:15 am
Authentication used to be a discrete decision with the purpose of securing a single access point. Today, the ability to utilize many different types of authentication—from passwordless authentication, to certificate-based authentication, to adaptive and multi-factor authentication—is the foundation of a robust access management framework. With all the terms flying around out there—MFA, 2FA, Zero Trust, IAM, etc.—it’s hard to keep track of what is supposed to be working. Our experts will help demystify the jargon, provide best practices, and steer you away from common missteps.
10:45 am
The DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?
Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body
Registration Level: Open Sessions
10:45 am - 11:15 am
Supply chain risks are at the top of everyone’s mind today, and the US Department of Defense (DoD) is no different. That is why the DoD created its Cybersecurity Maturity Model Certification (CMMC). CMMC is a five level, third-party validated maturity certification. CMMC includes both technical and process/procedural requirements. Organizations in the Defense Supply Chain will be required to obtain CMMC certification before contract award. Requests for Proposals (RFPs) containing CMMC requirements are expected in October 2020. This session provides an overview of CMMC and the corresponding industry-led ecosystem that is being created, spearheaded by the CMMC Accreditation Body (CMMC-AB).
Presentation Level: MANAGERIAL (security and business leaders)
10:45 am
Automation in the New Normal: Rapid On/Offboarding of Workers Anywhere, and on Any Device
Sr. Product Marketing Manager, Okta
Registration Level: Open Sessions
10:45 am - 11:15 am
The rapid shift to remote, distributed workforces has forced IT professionals to quickly support new/expanded ways of working. In addition to extending access to resources and enhancing security from more locations and devices, IT now is challenged with rethinking already time-intensive onboarding and offboarding processes.
According to a recent survey of IT leaders, these manual efforts sap budgets and productivity, and increase your security gaps. In this presentation, we’ll talk about the benefits of automating onboarding and offboarding and how Lifecycle Management can help streamline many of the manual processes that you likely have in place today.
Learn more about the benefits of:
- Creating a single source of truth from multiple directories, and driving identity lifecycles from your HRIS, granting the right access automatically as they join and securely removing access in a timely manner as users leave.
- Centralizing and automating lifecycle management across all apps on-premises and in the cloud.
- Generating and exporting detailed reports on who has access to what.
11:15 am
Networking Break
Registration Level: Open Sessions
11:15 am - 11:30 am
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:30 am
Keynote Fireside Chat: Business Continuity Planning During the COVID-19 Pandemic
VP & CISO, Provation Medical
Vice President, Human Resources, Provation Medical
Registration Level: Open Sessions
11:30 am - 12:15 pm
Milinda Rambel Stone, VP and CISO, and Susan Hanson, VP of Human Resources, of Provation Medical will share in this interview format led by SecureWorld’s Emmy Award winning journalist, Bruce Sussman.
Susan and Milinda are Provation COVID-19 Task Force members leading their organization through these challenging times. They will share their experience surrounding the daunting task of Business Continuity planning during the coronavirus pandemic. BC planning can be difficult enough during normal times. What are we missing now that we have a significant global scale event?
12:15 pm
Networking Break
Registration Level: Open Sessions
12:15 pm - 12:30 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:30 pm
Pivoting Your Information Security Program to the New Normal
CISO, Veterans United Home Loans
Registration Level: Open Sessions
12:30 pm - 1:00 pm
We are living in different times that demand different ways of thinking. Many existing Information Security tools have lost some visibility and viability. How has your thinking changed about your Information Security program? Maybe more importantly, what are you thinking the future will look like and how are you posturing your next purchase, hire, or action to be prepared for the next pivot? We will talk about some questions you should be asking yourself, your team, your peers, and your executives.
12:30 pm
Changing Cyber Landscapes: The Battle of Algorithms
Director of Enterprise Security, Darktrace
Registration Level: Open Sessions
12:30 pm - 1:00 pm
Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyberattacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyberattacks leveraged at scale. To protect against offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
In this session, learn about:
• Paradigm shifts in the cyber landscape
• Advancements in offensive AI attack techniques
• The Immune System Approach to cyber security and defensive Autonomous Response capabilities
• Real-world examples of emerging threats that were stopped with Cyber AI
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
12:30 pm
[Panel] No Perimeter: Security in the Cloud
Cloud Security Architect, Optiv
VP, Global Field CISO Team, Fortinet
Sr. Product Marketing Manager, Cloud and App-layer Data Protection, Thales Cloud Security
Director, WhiteSource
Registration Level: Open Sessions
12:30 pm - 1:00 pm
Worldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.
1:00 pm
Networking Break
Registration Level:
1:00 pm - 1:15 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm
New Remote Workforce: Privacy and Security Risks and Mitigations
Founding Partner & Owner, Fischer Law, LLC
Registration Level: Open Sessions
1:15 pm - 1:45 pm
The sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.
1:15 pm
[Panel] Threat Landscape in Flux: Emerging Threats
Director, Technology Marketing, Trend Micro
Solutions Architect, ReliaQuest
Sr. Sales Engineer, Malwarebytes
CTO, RedSeal Networks
Registration Level: Open Sessions
1:15 pm - 1:45 pm
The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.
1:15 pm
VIPR Report: The Verizon Incident Preparedness and Response Report – Taming the Data Breach
Head of Research, Development, Innovation, Verizon Threat Research Advisory Center
Registration Level: Open Sessions
1:15 pm - 1:45 pm
Preparing for and responding to data breaches and cybersecurity incidents is never easy. It takes knowledge of your environment and its unique threats, effective teamwork, and just as importantly, a rigorous Incident Response (IR) Plan. The VIPR Report is a data and scenario-driven approach to incident preparedness and response; it’s based on three years of Verizon’s IR Plan readiness assessments, and our data breach simulation recommendations. John will present findings with the six phases of incident and in doing so, cover five data breach scenarios illustrating the need for that phase of an IR Plan and its underlying components.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
1:45 pm
Networking Break
Registration Level: Open Sessions
1:45 pm - 2:00 pm
Location / Room: Exhibitor Floor
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:00 pm
[Closing Keynote] People, Processes, and Tech Strategies: Recruit, Train, and Retain for Success!
CISO, CSC
Registration Level: Open Sessions
2:00 pm - 2:45 pm
While most security teams leverage these key resources to reduce risk in our programs, how you leverage these resources will ultimately determine your effectiveness and success. Come join a leading security practitioner in a collaborative discussion on tips and landmines to avoid.
- Arctic Wolf Networks
Booth: https://www.engagez.net/arctic-wolf-swvc
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- Checkmarx Inc.
Booth: https://www.engagez.net/checkmarx
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- Cloud Security Alliance (CSA)
Booth: N/A
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- Corelight
Booth: https://www.engagez.net/corelight
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- Darktrace
Booth: https://www.engagez.net/darktrace-swvc
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- EC-Council
Booth: N/A
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- Fortinet
Booth: https://www.engagez.net/fortinet-swvc
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- Gigamon
Booth: https://www.engagez.net/gigamon-swvc
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- Global Cyber Alliance
Booth: N/A
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- InfraGard Chicago
Booth: N/A
All InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these critical infrastructures is an important element for successful infrastructure protection efforts. This chapter is governed by our local bylaws.
The goal of InfraGard is to enable the flow of information so that the owners and operators of infrastructure assets can better protect themselves and so that the United States government can better discharge its law enforcement and national security responsibilities.
- ISACA Chicago Chapter
Booth: N/A
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Chicago area.
Chapter meetings are generally held the third Thursday of each month at The Conference Center at One North Wacker (1 N. Wacker Drive, 2nd Floor, Chicago, Illinois 60606)
Please check our web site from time to time for the most up-to-date listing of chapter related events and training opportunities.
- ISC2 Chicago Chapter
Booth: N/A
The mission of the Chicago Chapter is to advance the local Chicagoland information security community by providing its members with opportunities to increase knowledge, grow professional networks, share information and advance the profession as a whole by promoting certification, ethical behavior, and social responsibility.
Our members consist of ISC2 credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area. Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats.
- ISSA Chicago Chapter
Booth: N/A
The Chicago Chapter of the Information Systems Security Association (ISSA) has a mission to offer a stimulating combination of discussion forums, hands-on learning, CISSP certification training, conferences, and other events which are designed to enhance understanding and awareness of information security issues for information security professionals.
Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.
- Malwarebytes
Booth: https://www.engagez.net/malwarebytes-swvc
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- Okta
Booth: https://www.engagez.net/okta-sw
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- Optiv & BlackBerry
Booth: https://www.engagez.net/optiv-blackberry
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- RedSeal
Booth: https://www.engagez.net/redseal-sw
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- ReliaQuest
Booth: https://www.engagez.net/reliaquest-sw
ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, anytime of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.
- RSA a Dell Technologies Company
Booth: https://www.engagez.net/rsa-sw
RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.
- Synopsys
Booth: https://www.engagez.net/synopsys-sw
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- TechTarget
Booth: N/A
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Thales
Booth: https://www.engagez.net/thales
As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.
- Trend Micro
Booth: https://www.engagez.net/trendmicro-swvc
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Women in CyberSecurity (WiCyS)
Booth: N/A
Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.
- Milinda Rambel Stone
VP & CISO, Provation Medical
Milinda Rambel Stone is an executive security leader with extensive experience building and leading security programs, including Information Security Governance, Vulnerability Management, Incident Investigation & Response, Security Awareness, and Risk Management & Compliance. With significant experience in creating and managing large-scale information security programs in technology, healthcare, and financial services, today Milinda puts this expertise to work as a VP and CISO at Provation Medical.
- Glenn Kapetansky
Chief Security Officer & Technology Lead, Trexin Group
Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.
Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).
- Tamika Puckett
  Risk Manager, Corporate Security, Zoom
As the City of Chicago’s Chief Risk Officer, Ms. Puckett was responsible for implementing and managing the city’s enterprise risk management governance framework, including the implementation of policies and procedures to identify and manage organizational risks. A career risk manager, Ms. Puckett possesses over 15 years of experience managing complex, public sector enterprise risk management programs. She possesses specialized experience in the areas of risk assessments, workers’ compensation, contractual risk transfer, and training programs. Ms. Puckett was recognized as a 2018 Insurance Business America Leading Risk Manager.
- Alexandra Panaretos
  Americas Lead for Human Cyber Risk and Education, EY
With a background in broadcasting and operational security, Alex specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. Alex is OPSEC Manager II Certified by the U.S. Army and the Joint Information Operations Warfare Center (JIOWC). She volunteers with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety in her free time.
- Brendan Campbell
  VP, Technology and Cybersecurity Audit & Advisory Services, Manulife
- Sandy Silk
  Director, Information Security Education & Consulting, Harvard University
Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Sandy is also involved in several WIT organizations and programs. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.
- Ben Smith
  Field CTO (US) & Principal Sales Engineer, RSA
Ben Smith is Field CTO (US East) with RSA, and a technically-focused risk management executive with over 25 years’ experience. He holds the CISSP and CRISC certifications and has presented on RSA's behalf at cybersecurity events sponsored by Gartner, FS-ISAC, ISSA, BSides, ICI, (ISC)2, ISACA, InfraGard, HTCIA and other organizations.
- James Goepel
  Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body
James Goepel is Treasurer and Member, Board of Directors for the CMMC-AB. He is also an adjunct professor of Cybersecurity at Drexel University and CEO of Fathom Cyber, a trusted agent for senior management and developer of defensible cybersecurity strategies. Jim earned his BSECE from Drexel and his JD and LLM degrees from George Mason University. He worked in the IT and security industries for nearly two decades, including as a Network Administrator for the US House of Representatives and as a lawyer and technologist for a wide range of cybersecurity companies, including system developers, research institutions, and software vendors.
- Kelsey Nelson
  Sr. Product Marketing Manager, Okta
Kelsey Nelson is a Senior Product Marketing Manager at Okta, leading workforce IT and security solutions, including getting beyond the buzzword of "Zero Trust." Prior to joining Okta, she led product and business communications at tech startups varying from enterprise software to edtech to consumer music hardware, and prior to that taught secondary school history and English with Teach for America. Today, she lives in San Francisco, though will always call Wisconsin home.
- Susan Hanson
  Vice President, Human Resources, Provation Medical
Susan has over 20 years of healthcare experience in Human Resources and Compliance. Susan joined the Provation team in 2017 and brings her experience of building and growing high-performing teams with a dynamic, results-oriented culture and strong leadership. Susan also has experience in healthcare compliance specifically in HIPAA and HITECH by building a healthcare compliance program in her previous career. Susan has a Bachelor of Science degree in Human Resource Management as well as a Master of Science degree with an emphasis in Leadership, along with an MBA from Capella University in Minneapolis, Minnesota.
- Randy Raw
  CISO, Veterans United Home Loans
Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.
- David Masson
  Director of Enterprise Security, Darktrace
David Masson is Darktrace’s Director of Enterprise Security, and has over two decades of experience working in fast-moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. David is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major media outlets in Canada, where he is based, including CBC and The Globe and Mail. He holds a master’s degree from Edinburgh University.
- Eric Wolff
  Sr. Product Marketing Manager, Cloud and App-layer Data Protection, Thales Cloud Security
Eric Wolff is a Senior Product Marketing Manager for Thales application-layer data protection and solutions for public cloud security. He has over 20 years’ experience in threat intelligence management, network security, application acceleration, enterprise-class storage area networking, storage virtualization, data-management applications, and storage subsystems.
- Jordan Fischer, Instructor
  Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Mike Lloyd
  CTO, RedSeal Networks
Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.
Dr. Mike Lloyd holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.
- John Grim
  Head of Research, Development, Innovation, Verizon Threat Research Advisory Center
John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.
- Mark Eggleston, CISSP, GSEC, CHPS
  CISO, CSC
Mark Eggleston is the chief information security officer (CISO) for CSC, responsible for the global security and privacy program design, operations and continual maturation. As a senior executive specializing in security and privacy program development and management, Mark’s unique background and expertise in information technology, program, and people management have positioned him as a thought leader and frequent industry speaker.
Mark started his career as a program manager and psychotherapist at a hospital serving children and adolescents. Later, Mr. Eggleston helped develop an internal compliance approach—complete with policies and tools—ensuring a geographically dispersed health care provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mr. Eggleston then transitioned to applying his HIPAA expertise at an HMO where he has implemented many successful security controls and technologies, including single sign-on (SSO), Identity and Access Management (IAM), Cloud Access security broker (CASB), and a vulnerability assessment program.
Mark received his Bachelor of Science in psychology from Radford University. Later, Mark received both his Master of social work and his post-baccalaureate certificate in management information systems from Virginia Commonwealth University. In addition, Mark holds CHPS, CHPS, and CISSP certifications.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes