Wednesday, October 9, 2019
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
Advisory Council Breakfast – (VIP / INVITE ONLY)
Topic: How Mature is Your Cybersecurity Incident Response Plan?
Registration Level: VIP / Exclusive
8:00 am - 9:15 am
Location / Room: Spring Glade
This session is for Advisory Council members only.
8:00 am
[SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
Earn 16 CPEs With This in-Depth 3-Part Course
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Northbrook 3
The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson was the CISO for the UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:00 am
SecureWorld PLUS Part 1 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
Earn 16 CPEs with this in-depth 3-part course
Chairwoman, CEO & President, Minorities in Cybersecurity, Inc.
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Northbrook 2
In today’s world, not knowing how your company will respond when it has a breach is negligent. The last thing you want to do is be caught unprepared when the highly likely, but always untimely, event occurs. Businesses of all sizes need to have an incident response plan! Do you? Do you know where to start? If not, this session is for you. In Part 1 of our session, we will focus on building basic prevention and monitoring capabilities in order to detect incidents. In Part 2, we will focus on building the appropriate incident response plan for your company. In Part 3, we will focus on putting the plan in action and building resiliency.
8:30 am
Let's Stop Admiring the Human Factor Problem in Cybersecurity
Cybersecurity Policy Fellow, New America Think Tank, New America
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Windhaven
Ninety-five percent of all cyber-attacks are human enabled. Organizations continue to fail at addressing human factors in cybersecurity due to a lack of education and appreciation for human factors as a science. With the increasing spending on technology to safeguard organizations’ critical networks, systems, and data, cybercriminals are circumventing defense-in-depth architectures to target humans, the weakest link. An existing fallacy is that technology will prevent data breaches, ransomware attacks, or cyber-attacks. In fact, integrating new technology creates unintended consequences that increase vulnerabilities. These technologically-induced vulnerabilities are human-enabled, highlighting a lack of appreciation for human factors in cybersecurity. Let’s reduce human-enabled errors.
8:30 am
Fortifying Your Enterprise in a Changing Security and Privacy Landscape
Technical Director, Online Trust Alliance, Internet Society
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Sunnyslope
Recent multi-million dollar sanctions for data breaches show that businesses cannot afford to be lax on privacy and security. However, the latest Internet Society studies have found that for many companies, these safeguards are severely lacking. What may start as a simple oversight can soon manifest into a potential security and financial nightmare for businesses. Embracing best practices when safeguarding user data is critical for companies to not only retain customers, but to protect themselves from the growing legal liability they could face.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
8:30 am
Who Is Responsible for Security in the Cloud?
Cloud Security Engineer, Charles Schwab
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Northbrook 1
Examine some of the data exposure incidents over the past two years that resulted from the misconfiguration of cloud resources, including recent data exposures. The session will look at the specific nature of cloud misconfiguration issues, examine the areas of responsibility between cloud providers and their customers, and offer a number of high-level suggestions on how to prevent or avoid such issues as organizations adopt cloud computing in their businesses.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
8:30 am
Piloting Through Cybersecurity
CISO, Brink's Inc.
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Fairview
Piloting through Security – Using pilot skills and techniques to secure your world against cyber threats.
• Use Checklists – Develop both Emergency and Normal operations checklists and then use those to develop standard operating procedures.
o Runbook development
o Incident Management guide and artifact
o Change Management guide and artifact
• Fly the Plane! Secure the Environment! – During an incident, don’t get distracted by finding the cause. Secure the environment first. Then, when it’s safe, do the research.
• PAVE: A Personal Minimums Checklist for Risk Management
o Personal – I ‘M SAFE (Illness, Medication, Stress, Alcohol, Fatigue, Emotion)
o Aircraft (Infrastructure, apps, and tools)
o Environment (Situational Awareness)
o External Pressures (Customers, Executive Leadership, Board, regulators)
• “Flying is hours and hours of boredom sprinkled with a few seconds of sheer terror” – Pappy Boyington
o Don’t let repetition lull you into a sense of complacency with your security program.
• Spatial Disorientation and trusting your instruments
o Cross-check your tools to confirm what they are saying
o Trust what your tools are telling you
• Big Sky Theory – Two randomly flying bodies (little airplanes) are very unlikely to collide, as the three-dimensional space is so large relative to the bodies.
• Situational Awareness “See and Be Seen”, “See and Avoid”
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
9:00 am
Exhibitor Hall open
Registration Level: Open Sessions
9:00 am - 3:00 pm
Location / Room: SecureWorld Exhibit Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 am
[OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
Special Agent, Global Investigative Operations Center, United States Secret Service
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: SecureWorld Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
10:15 am
Meet-the-Presenter & “Birds of a Feather” Discussion Group
Topic: Securing the Cloud
Cloud Security Engineer, Charles Schwab
DevOps Revolutionary - Information Security, State Farm
Registration Level: Open Sessions
10:15 am - 10:45 am
Location / Room: Exhibitor Floor: Green Zone
What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
10:15 am
Meet-the-Presenter & “Birds of a Feather” Discussion Group
Topic: The Human Threat
Cybersecurity Policy Fellow, New America Think Tank, New America
Registration Level: Open Sessions
10:15 am - 10:45 am
Location / Room: Exhibitor Floor: Red Zone
What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
10:15 am
Meet-the-Presenter & “Birds of a Feather” Discussion Group
Topic: Communicating Between Technical and Non-Technical Teams
Program Manager, Security Learning & Awareness, Meta
Registration Level: Open Sessions
10:15 am - 10:45 am
Location / Room: Exhibitor Floor: Blue Zone
What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
10:15 am
Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
Quantities are limited and will be distributed on a first-come, first-served basis.
Registration Level: Open Sessions
10:15 am - 12:00 pm
Location / Room: CyberLounge
Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
Find him in the CyberLounge on the Exhibitor Floor at the following times:
10:15 a.m. – 12:00 p.m.
1:00-1:15 p.m.
BOOK SYNOPSIS:
Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.
11:00 am
Advisory Council LUNCH Roundtable (VIP / Invite Only)
Topic: Prioritization of the Top 20 Critical Security Controls
Registration Level: VIP / Exclusive
11:00 am - 1:00 pm
Location / Room: Spring Glade
This session is for Advisory Council members only.
11:15 am
(ISC)2 Chapter Meeting: Open to All Attendees
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: Windhaven
11:15 am
The Fluid Ecosystem of Risk Management
Principal, Teknion Data Solutions
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: Fairview
Join us to continue to hone the skill of reducing the fragmented efforts of digital, strategic, and operational risk management. Frameworks, methodologies, and controls are essential, but they are just not enough in a digital-native, disruptive-intensive society.
Presentation Level: MANAGERIAL (security and business leaders)
11:15 am
Non-Traditional InfoSec Challenges: Risks and Protection Strategies
CISO, Health Care Service Corporation
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: Northbrook 1
In this presentation, we will first explore a set of commonly used technologies that may not be closely examined as part of traditional information security programs. However, they likely introduce critical risks via open apertures allowing for unauthenticated inputs by anonymous users. In this presentation, I will show you examples of how to identify assets and uncover vulnerabilities using new perspectives in this increasingly-connected world. Heavily based upon lessons learned from a 20+ year cyber career in the public sector, this presentation will provide new strategies through exciting examples that will shape how you interpret additional technologies around you and design security controls to uplift your defenses.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
11:15 am
Word on the Street Is: A Lil' Bit of Awareness Will Make It Secure
Program Manager, Security Learning & Awareness, Meta
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: Sunnyslope
Security awareness is often viewed as this intangible part of information security that is always “too” something—too costly, too much effort, too difficult to qualify. But word on the street is that a little bit of awareness is worth its weight in salt, so why are there so many varying perspectives on precisely “how” to implement a security awareness program? The answer is simple: If the streets are talking, shouldn’t someone be listening?
12:15 pm
[LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
CIO, Georgia State Defense Force, Former CIO, The White House
Registration Level: Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!
1:15 pm
[Panel] Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
James Carnall, Looking Glass
Kristi Thiele, Ixia
Charity Wright, Intsights
Christopher Marcinko, Avanade
Michael Schindler, Ensilo
Moderator: Brent Chapman
1:15 pm
[Panel] You’ve Got Burned! Now What? (Incident Response)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Windhaven
We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
Panelists:
Pat Benoit, CBRE
Jon Allen, Catalyst Corporate Federal Credit Union
Jonathan Tock, Speartip
Thomas Moore, Corelight
Moderator: Shawn Tuma, Spencer Fane LLP
2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: SecureWorld Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:15 pm
Meet-the-Presenter & “Birds of a Feather” Discussion Group
Topic: Establishing a Value Mandate for Risk Professionals
Principal, Teknion Data Solutions
Registration Level: Open Sessions
2:15 pm - 2:45 pm
Location / Room: Exhibitor Floor: Green Zone
What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
2:15 pm
Meet-the-Presenter & “Birds of a Feather” Discussion Group
Topic: Third Party Cyber Risk Management
CISO, G6 Hospitality, LLC
Registration Level: Open Sessions
2:15 pm - 2:45 pm
Location / Room: Exhibitor Floor: Red Zone
What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
2:15 pm
Meet-the-Presenter & “Birds of a Feather” Discussion Group
Topic: Communicating to the Board
CISO, Health Care Service Corporation
Registration Level: Open Sessions
2:15 pm - 2:45 pm
Location / Room: Exhibitor Floor: Blue Zone
What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
3:00 pm
CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
Founder & Managing Director, Whiteboard Venture Partners
Chief Information Officer, Epsilon
VP & Deputy CISO, Hewlett Packard Enterprise
CISO, Alkami Technology
Sr. Director, Information Security, Blue Cross and Blue Shield
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Windhaven
The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.
3:00 pm
[Panel] Knowledge Is Power: Women in Cybersecurity
CISO & C-Suite Advisor, Check Point Software Technologies
CTO, Catalyst Corporation Federal Credit Union
Director, Security Management, Financial Investment Management Company
Associate Director, Network Security, Verizon
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Sunnyslope
It is often said that true knowledge must be gained through experience; either through one’s own life or through others. Join this opportunity to hear from women who bring perspectives from diverse industries (retail, financial, healthcare, utilities) as they share their different experiences as women living the information security career journey.
3:00 pm
InfraGard Chapter Meeting and Presentation - Open to all Attendees
Topic: When Does a Data Theft Incident Qualify as a Reportable Data Breach?
General Counsel, InfraGard North Texas
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Location / Room: Keynote Theater
Join InfraGard for their chapter meeting and guest presentation. This opportunity is open to all attendees.
Presentation:
Upon discovering that a data theft incident has occurred, a significant question arises: Is there an obligation to report the data theft incident, to victims and authorities, as a data breach? The “encryption exception” that is within the GDPR and many US laws indicates that if the data was encrypted when stolen, there has not been a breach and so reporting is not required. This presentation will provide an alternative view: for example, seven different ways that encrypted data may be compromised will be presented. Only by eliminating all seven as possibilities, should you rely on the “encryption exception.”
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
3:00 pm
Securing the Public Cloud: Automation
DevOps Revolutionary - Information Security, State Farm
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Fairview
The largest cause of publicly disclosed security breaches in cloud environments continues to be poor security hygiene. Public cloud adoption is expanding at a mammoth pace. The absence of a physical network boundary to the internet, combined with the risk of accidental exposure by users with limited security expertise, increases the attack surface in the public cloud. Security governance is challenging in public cloud environments due to the lack of visibility and control over agile changes.
3:00 pm
[SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Northbrook 3
The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
3:00 pm
SecureWorld PLUS Part 2 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
SecureWorld PLUS Registrants ONLY
Chairwoman, CEO & President, Minorities in Cybersecurity, Inc.
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Northbrook 2
In today’s world, not knowing how your company will respond when it has a breach is negligent. The last thing you want to do is be caught unprepared when the highly likely, but always untimely, event occurs. Businesses of all sizes need to have an incident response plan! Do you? Do you know where to start? If not, this session is for you. In Part 1 of our session, we will focus on building basic prevention and monitoring capabilities in order to detect incidents. In Part 2, we will focus on building the appropriate incident response plan for your company. In Part 3, we will focus on putting the plan in action and building resiliency.
3:45 pm
Casino Happy Hour
Networking, Games, Prizes, Drinks, and Snacks
Registration Level: Open Sessions
3:45 pm - 5:30 pm
Location / Room: SecureWorld Exhibitor Floor
Join your peers at 3:45 p.m. in the Exhibit Hall for beverages and snacks. Test your luck at Blackjack, Roulette, and Craps. Hand the voucher you receive at registration to one of the participating exhibitors to get started with $1,000 and win big for your chance at some cool prizes!
Thank You Sponsors:
Mimecast: Happy Hour Sponsor
Cobalt: Black Jack Table
ISSA North Texas: Poker Table
SpearTip: Craps Table
Corelight: Roulette Table
Thursday, October 10, 2019
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
[SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Northbrook 3
The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
8:00 am
SecureWorld PLUS Part 3 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
SecureWorld PLUS Registrants ONLY
Chairwoman, CEO & President, Minorities in Cybersecurity, Inc.
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Northbrook 2
In today’s world, not knowing how your company will respond when it has a breach is negligent. The last thing you want to do is be caught unprepared when the highly likely, but always untimely, event occurs. Businesses of all sizes need to have an incident response plan! Do you? Do you know where to start? If not, this session is for you. In Part 1 of our session, we will focus on building basic prevention and monitoring capabilities in order to detect incidents. In Part 2, we will focus on building the appropriate incident response plan for your company. In Part 3, we will focus on putting the plan in action and building resiliency.
8:30 am
Banking Data Breach and Lessons Learned
Former CIO & COO, Los Alamos National Bank
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Windhaven
Your financial institution has been hacked and is now on the evening news. Customers, board members, the press, and regulators are hounding you by the minute. How do you recover step-by-step as CIO/COO/CISO? This session covers data breach nightmares during pre-attack, attack-in-motion, and post-attack scenarios. What are the key steps in starting the recovery of business operations with everyone demanding quick action? Next in line are the enforcement actions from the regulator: what are the necessary turnaround actions and roadmaps? Gain real-world insider views on turning around a horrible situation.
Presentation Level: MANAGERIAL (security and business leaders)
8:30 amConsidering a Continuity Plan?Sr. Information Systems Auditor, Parkland HealthCISO, Texas Scottish Rite Hospital for ChildrenRegistration Level:Conference Pass
8:30 am - 9:15 amLocation / Room: FairviewYour organization is required to implement a continuity plan but they can be complex and time consuming. Perhaps you are wondering where to start, and your organization is pressing you to innovate and leverage efficiencies. Cyber attacks are inevitable and can cause serious harm to your organization’s availability. Join Michael Smith and James Carpenter as we walk through important planning steps for building and implementing your continuity plan.
8:30 amDeveloping and Implementing an Effective Security Awareness ProgramLessons Learned from an Oil and Gas Exploration CompanySr. Security Architect, CDWRegistration Level:Conference Pass
8:30 am - 9:15 amLocation / Room: SunnyslopePedro will discuss his lessons learned in security awareness. He works in a very traditional oil and gas exploration company, and from the production point of view, security awareness was the last thing anyone wanted to talk about. Pedro was able to change the culture, and ultimately behavior, by relating security awareness to their home use. He made it personal and relevant to the employee, and that got attention. Once you have their attention, then you can start changing their behavior.
9:00 amExhibitor Hall openRegistration Level:Open Sessions
9:00 am - 3:00 pmLocation / Room: SecureWorld Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 am[OPENING KEYNOTE] Everything You Wanted to Know About a Ransomware Attack, but Were Afraid to AskCISO, Supreme LendingRegistration Level:Open Sessions
9:30 am - 10:15 amLocation / Room: Keynote TheaterThis presentation will focus on lessons learned from a real ransomware attack and what to consider before, during, and after the attack. The audience take-away will include a thought-provoking list of resources and protection measures that will better prepare any organization.
10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:Open Sessions
10:15 am - 11:15 amLocation / Room: SecureWorld Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
10:15 amMeet-the-Presenter & “Birds of a Feather” Discussion GroupTopic: Responding to the Evolving Privacy LandscapeCo-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLPRegistration Level:Open Sessions
10:15 am - 10:45 amLocation / Room: Exhibitor Floor: Green ZoneWhat are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
10:15 amMeet-the-Presenter & “Birds of a Feather” Discussion GroupTopic: Career Development: Becoming a CISOSr. Security Architect, CDWRegistration Level:Open Sessions
10:15 am - 10:45 amLocation / Room: Exhibitor Floor: Red ZoneWhat are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
10:15 amMeet-the-Presenter & “Birds of a Feather” Discussion GroupTopic: Breach ManagementFormer CIO & COO, Los Alamos National BankRegistration Level:Open Sessions
10:15 am - 10:45 amLocation / Room: Exhibitor Floor: Blue ZoneWhat are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.
11:00 amAdvisory Council Roundtable - (VIP / Invite Only)Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)Registration Level:VIP / Exclusive
11:00 am - 12:00 pmLocation / Room: Spring GladeThis session is for Advisory Council members only.
11:15 amThe Legal Component of Incident ResponseData Privacy & Cyber Partner, Spencer Fane LLPRegistration Level:Conference Pass
11:15 am - 12:15 pmLocation / Room: SunnyslopeLegal obligations attach when a data privacy or security incident occurs. An important component to responding to any data incident requires analysis of various international, state, and sectoral laws and regulations applicable to a given incident. This discussion will highlight the current and future legal climate of incident response.
11:15 amCyber Insurance: Safety Net or Scam?Principal Consultant, Aberfoyle AssociatesRegistration Level:Conference Pass
11:15 am - 12:00 pmLocation / Room: FairviewCyber liability insurance was conceived to help organizations recover from the devastating effects of a cyber attack, but is it actually fulfilling that purpose? While cyber insurance underwriters are requiring policy seekers to fill out risk assessment surveys and have offered resources to clients to help mitigate cyber risk, the daunting burden of proof is still placed on the insured to prove lack of negligence. What has to happen for insurers and their clients to agree upon third party risk assessment tools to create a more equitable cost vs. coverage framework? How can businesses regain control of their risk valuations?
11:15 amStrategically Reporting to the Board of DirectorsCybersecurity Regulatory Testing Lead, USAAAttorney, Technology and Transactions Counsel, USAARegistration Level:Conference Pass
11:15 am - 12:00 pmLocation / Room: Northbrook 1This presentation will cover three major areas of concern when developing reporting for the board of directors. The first is assurance testing and reporting of the results so that the board is confident that the program is operating as promised. The second is an overview of current laws in the financial sector and other industries, including some that require board-level reporting. Finally, we will discuss what goes into the board package and how it should be presented.
Presentation Level: MANAGERIAL (security and business leaders)
11:15 amThird-Party Cyber Risk: Creating and Managing a Program that WorksCISO, G6 Hospitality, LLCRegistration Level:Conference Pass
11:15 am - 12:00 pmLocation / Room: WindhavenTwo-thirds of all major data breaches can be traced to an external third party of some kind. In addition, more and more regulations are focusing on third parties, as well. Business partners, suppliers, service providers, auditors, consultants, outside counsel firms, and more all add to a company’s cyber and compliance risk. Effectively assessing and managing these third-party risks is now more important than ever.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
12:00 pmAdvisory Council LUNCH Round Table - (VIP / Invite Only)Topic: Zero Trust, What’s the Big Deal?Registration Level:VIP / Exclusive
12:00 pm - 1:00 pmLocation / Room: Spring GladeThis session is for Advisory Council members only.
12:15 pm[LUNCH KEYNOTE] Why Teams, Strategies, and Processes Are Essential for Managing Cyber RiskCo-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLPRegistration Level:Open Sessions
12:15 pm - 1:00 pmLocation / Room: Keynote TheaterIn twenty years of practicing cyber law, Shawn Tuma has seen a multitude of real-world cybersecurity and data breach cases. He will share his experience on:
· Why cybersecurity is an overall business risk that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and are affected by personalities and psychology
· How to prioritize limited resources to effectively manage the most likely real-world risks
· How to achieve reasonable cybersecurity
· Why cyber insurance is a critical component of the cyber risk management process
1:15 pm[Panel] Shifting Landscape of Attack VectorsRegistration Level:Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterIf one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
Panelists:
Luis Rodriguez, Mimecast
Peter Tomaszewski, PSG Consults
Matt Rose, Checkmarx
Chris Mears, InTouch Health
Moderator: Tad Dickie
2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:Open Sessions
2:15 pm - 3:00 pmLocation / Room: SecureWorld Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pmDash for Prizes & CyberHuntRegistration Level:Open Sessions
2:30 pm - 2:45 pmLocation / Room: SecureWorld Exhibitor FloorBe sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win
3:00 pmCompliance Strikes AgainPresident, (ISC)2 Dallas/Fort Worth ChapterRegistration Level:Conference Pass
3:00 pm - 3:45 pmLocation / Room: FairviewMany organizations are struggling to implement cyber security. There are several factors causing these shortcomings. Where is your company's maturity level?
3:00 pmTime to Get Re-Married: Turns Out, Privacy and Cybersecurity Are Still in Love!Chairwoman, CEO & President, Minorities in Cybersecurity, Inc.Registration Level:Conference Pass
3:00 pm - 3:45 pmLocation / Room: Northbrook 1Cybersecurity and privacy have been divorced for some time now, with organizations splitting responsibilities: cyber/information security responsibilities lie with the technical teams, and privacy generally resides with the legal teams. Unfortunately, this split has been disastrous, mostly for the general public! In this session, we will discuss how forward thinking companies are re-marrying their cybersecurity and privacy programs to create a more holistic plan for data security and privacy—hopefully, to live happily ever after.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
- ACPBooth: 180
ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for its members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.
Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.
- AgariBooth: 500
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover.
- Checkmarx Inc.Booth: 130
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- Cloud Security Alliance (CSA)Booth: 710
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- CobaltBooth: 800
Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.
- Comodo CybersecurityBooth: 810
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- CorelightBooth: 830
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- EC-CouncilBooth: 700
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- EgnyteBooth: 850
Egnyte is the only secure content platform that is designed specifically for business. Egnyte provides teams with secure file sharing capability and access to content delivered at hyper-speed, regardless of file size, location, device or bandwidth. More than 15,000 of the world’s most demanding and regulated businesses in more than 120 countries around the globe trust Egnyte to manage their content on the cloud.
- enSiloBooth: 645
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- ForgeRock / Ping IdentityBooth: 540
ForgeRock is a global leader in digital identity that delivers modern and comprehensive identity and access management solutions for consumers, employees, and things to simply and safely access the connected world. Using ForgeRock, more than 1,300 global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data—consumable in any cloud or hybrid environment. The company is headquartered in San Francisco, California, with offices around the world.
For more information and free downloads, visit www.forgerock.com or follow ForgeRock on social media.
- Future ComBooth: 545
Future Com provides consulting services and products with a focus on cloud and cybersecurity solutions. We partner with our customers, working with them on everything from preventing the loss of electronic data to ground-up network design and implementation.
We deliver top technologies and provide customizable consulting services for the products we carry. We maintain the highest-level technical certifications and years of field experience in all aspects of networking and security.
- InfraGard North Texas Members AllianceBooth:
The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:
- Local quarterly membership meetings focused on infrastructure protection
- Sector-specific meetings and information exchanges (see Sector Chief Program).
- Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
- Networking opportunities with peers within and across all sectors
- IntSightsBooth: 640
IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.
- ISC2 Dallas-Fort Worth ChapterBooth: 140
The Dallas-Fort Worth Chapter of ISC2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from ISC2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.
- North Texas ISSABooth: 340
The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.
- ISSA Fort WorthBooth: 600
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Learn more at the ISSA, International website. The Fort Worth Chapter of ISSA brings all of the benefits of International membership, along with opportunities for experiencing great speakers, local networking, earning CPEs, job prospecting and more.
- Ixia, a Keysight BusinessBooth: 630
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Looking GlassBooth: 530
LookingGlass Cyber Solutions delivers unified threat protection against sophisticated cyber attacks to global enterprises and government agencies. Our comprehensive portfolio prioritizes relevant and timely insights enabling customers to operationalize threat intelligence across the entire cyber attack lifecycle.
- MimecastBooth: 510
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- RIMSBooth: 160
The Dallas Fort Worth RIMS Chapter is among the largest, most active chapters in the world, making a global and local difference regarding the importance of Risk Management.
- Security InnovationBooth: 100
For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.
- SpearTipBooth: 840
SpearTip is an advisory firm consisting of industry-leading professionals providing their expertise and offering a full range of security services, to include unconflicted advisory services to Corporate Counsels and Chief Executives.
- TechTargetBooth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- ThalesBooth: 860
As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Mary ChaneyChairwoman, CEO & President, Minorities in Cybersecurity, Inc.
Mary N. Chaney, Esq., CISSP, CIPP/US has over 30 years of experience in Information Security, Privacy and Risk Management. She graduated from Xavier University with a B.S.B.A in Information Systems and became a licensed attorney in the State of Texas in 1999 after obtaining her J.D. from Texas Southern University - Thurgood Marshall School of Law.
Ms. Chaney began her career journey by serving as a Special Agent for the FBI in Los Angeles before transitioning into executive level information security and privacy roles for GE Capital, J&J, Comcast, and Esperion Therapeutics.
Ms. Chaney is the Chairwoman, CEO and President of Minorities in Cybersecurity, Inc. which focuses on support, leadership, and career development for women, non-binary and other minorities in cybersecurity and the Founder and CEO of its subsidiary MiC Talent Solutions, Inc. which focuses on placement of underrepresented talent.
Ms. Chaney developed MiC and MiC Talent to create an ecosystem where underrepresented cybersecurity professionals can start, build, and grow their career, in addition to providing job opportunities from organizations vested in their success.
- Calvin NoblesCybersecurity Policy Fellow, New America Think Tank, New America
Dr. Nobles is a Cybersecurity Scientist and practitioner with more than 25 years of experience. He teaches cybersecurity at several universities. He recently retired from the Navy and is currently employed in the Financial and Services Industry. Dr. Nobles is a Cybersecurity Policy Fellow with the New America Think Tank. He authored a book on the integration of technologically advanced aircraft in general aviation. His personal story is featured in the book, Black Men Changing the Narrative Through Education. Dr. Nobles serves as Chairman of a Cybersecurity Technology Advisory Board and on the Intelligence and National Security Alliance Cyber Council. He has fulfilled various executive-level positions as a cybersecurity professional.
- Jeff WilburTechnical Director, Online Trust Alliance, Internet Society
Jeff Wilbur is the Technical Director of the Internet Society’s Online Trust Alliance. He is responsible for integrating, developing, and extending the OTA initiative within the Internet Society’s overall mission and objectives. He has over 25 years of experience in high technology, all focused on bringing new, industry-transforming communications technologies to market. He has been involved at the founding stages of Ethernet, routing, switching, VOIP, unified messaging, and email authentication and services in both startups and Fortune 500 companies. Jeff has a technical and business background with a Master’s Degree in Engineering from Stanford.
- Bill MeredithCloud Security Engineer, Charles Schwab
Bill Meredith has over 25 years of experience designing, implementing, and supporting IT solutions for large enterprises, of which 10 years have been in the cybersecurity area. He is a cybersecurity professional with experience across a diverse set of cyber domains and industries such as Cloud Security, Financial, Forensics Investigation, Technology, Industrial, Commercial Web, Consumer Retail, Product Distribution, Shipping Logistics, and Manufacturing. Bill has a Bachelor's degree in Accounting, a Bachelor's degree in Computer Information Systems, and an MBA from the University of Louisville. He currently holds the CISSP, CCSP, CCSK, and AWS Cloud Practitioner certifications.
- Patrick Benoit, ModeratorCISO, Brink's Inc.
Patrick was previously the Global Head of Cyber Governance, Risk, and Compliance / Business Information Security Officer for CBRE. He was formerly the Deputy CISO for Cheetah Digital. He has been an Executive Business Partner at Experian; a Customer Delivery Executive and Service Delivery Leader at Dell; and owned a technology consulting company. He is a highly effective Business Leader with a mastery of Technology and Security. He is also a Writer, Speaker, and a continuous Mentor/Advisor and Learner. He has demonstrated repeated success guiding business strategy to achieve maximum positive business impacts with minimum resource expenditures. Talented at building and launching global technology and security programs, grooming high-performing teams across all domains, plus guiding the digital transformation, enhancing the digital customer experience, driving and enhancing revenue using technology and reducing risk to the business. A skilled executive leader, presenter, negotiator, and businessperson, able to forge solid relationships with strategic partners and build consensus across multiple organizational levels.
He is certified as C/CISO, CISM, CISSP, CRISC, PMP, ITIL Expert, and Lean Six Sigma Black Belt. He is a pilot and flight instructor. He studies and teaches Aikido, rides motorcycles, and his favorite teaching is “From Chaos Comes Greatness,” a loose translation from the “I Ching.”
- Christopher McMahonSpecial Agent, Global Investigative Operations Center, United States Secret Service
Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.
- Bill White, Moderator
DevOps Revolutionary - Information Security, State Farm
Bill is an Information Security professional with 30 years’ experience in IT, Fraud investigation, Information Security, and Risk Assessment processes. He is a member of the team responsible for Information Security architecture at a Fortune 50 company. He started as a bench technician while learning his way up to Information Security Management. Bill is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), and a GIAC Certified Python Coder (GPYC).
- Calvin Nobles
Cybersecurity Policy Fellow, New America Think Tank, New America
Dr. Nobles is a Cybersecurity Scientist and practitioner with more than 25 years of experience. He teaches cybersecurity at several universities. He recently retired from the Navy and is currently employed in the Financial and Services Industry. Dr. Nobles is a Cybersecurity Policy Fellow with the New America Think Tank. He authored a book on the integration of technologically advanced aircraft in general aviation. His personal story is featured in the book, Black Men Changing the Narrative Through Education. Dr. Nobles serves as Chairman of a Cybersecurity Technology Advisory Board and on the Intelligence and National Security Alliance Cyber Council. He has fulfilled various executive-level positions as a cybersecurity professional.
- Dominick Frazier
Program Manager, Security Learning & Awareness, Meta
Dominick Frazier is a security professional with over 13 years of security experience with his current role being in Information Technology/Cyber-Security. In his current role he serves as the Security Awareness & Communication Manager responsible for the conversation around security between technical and non-technical teams, which extends to both employees and clients. Given his tenure in security, he has robust knowledge of the information technology and physical security sector including applicable regulations and frameworks.
- Book Signing
- Paola Saibene
Principal, Teknion Data Solutions
Paola Saibene has been a technologist for 26 years, having held multiple C-suite roles (CIO, CTO, CSO) in large, global organizations, having received national awards in innovation and cybersecurity, and having led thousands of her own team members to fulfill business missions and thrive despite constraints. She has also worked as a Data Privacy Officer and as a VP of Enterprise Risk Management. Paola blends innovation, digital transformation, strategy, growth, security, privacy, risk, compliance, and governance into an ecosystem of high resiliency and strength, especially as it pertains to data and its valuation process. Presently, Paola leads the Data Governance Practice at Teknion Data Solutions and teaches at Georgetown University (Information Security Master’s Program), Dallas Baptist University (Digital Risk Management Program), and the ENAE University in Spain (Master’s in Data Science). Her curriculum across universities is built on data seen from a “Governance by Design” approach, infused with Cybersecurity, Data Privacy, Digital Ethics, Enterprise Risk Management, and Information Security Law. She is also the co-author of the “CISO Mentor”.
- Ian Schneller
CISO, Health Care Service Corporation
A 20+ year information security veteran, Ian has served in many leadership positions to include CIO/CISO. Ian also led a multi-billion dollar mission charged with developing and operating advanced cyber capabilities for the Undersecretary of Defense (Intelligence), the DoD Chief Information Officer, and the Secretary of the Air Force. In this role he led high impact global teams and advised the US Congress and Executive Branch, resulting in a coordinated, funded national approach to resolve the highest cyber concerns of Government leadership. In the financial sector, Ian has led strategic capabilities to protect critical infrastructure from cyber-attack.
- Mark Gelhardt
CIO, Georgia State Defense Force, Former CIO, The White House
At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.
- KC Condit
CISO, G6 Hospitality, LLC
KC Condit has been an information security practitioner and IT leader for 30 years with a diverse resume including hospitality, financial services, retail, and private, post-secondary education. He is currently the CISO for G6 Hospitality, LLC, and is responsible for information security, data privacy, IT risk management, and IT compliance for the Motel 6 and Studio 6 brands in the U.S. and Canada along with the Hotel 6 brand in India. Since 2011, KC has made 3rd party risk management an area of particular focus, developing low-cost approaches and creative, risk-based solutions.
- Abhijit Solanki
Founder & Managing Director, Whiteboard Venture Partners
Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.
- Robert Walden
Chief Information Officer, Epsilon
Robert Walden is the Chief Information Officer at Epsilon where he is responsible for cybersecurity, data center and public cloud infrastructure services, and network services. Additionally, Robert is responsible for providing all IT workplace services for a global user base. Robert has been delivering business value through technology for over 15 years, with a broad background in Information Technology that covers financial services, manufacturing, retail, consulting, and marketing services with an emphasis on IT strategy and digital transformation. Prior to joining Epsilon he served as a Managing Partner of K. Morrow Associates and was CIO of iPhotonix and TXP Corp. Previous to that he held roles at 7-Eleven, Inc. and Citigroup.
Throughout his career, Robert has focused on ensuring technology investments are maximized and drive better business outcomes by influencing organizations to be customer-centric, data-driven, and results-oriented. While he is passionate about data and technology, ultimately, he believes success is entirely dependent upon working with great people.
Robert lives in the Dallas area with his wife, two children, and their ever-present Pug.
- Drew Simonis
VP & Deputy CISO, Hewlett Packard Enterprise
Drew Simonis is a Vice President and serves as the Deputy CISO at Hewlett Packard Enterprise (HPE). He has worked in some of the largest and most complex environments in the public sector and the private sector with firms such as IBM, AT&T, EDS and Symantec. Prior to joining HPE, Drew spent 8 years as the CISO for Willis Group Holdings (now Willis Towers Watson). Insurance exposed Drew to formal risk management and analysis methodologies and is also where he began to develop an affinity for quantitative measurement of cyber risk as a better means to justify a security program and engage with business leadership. Drew has co-authored several books on security technology and architecture and articles on cyber organizational paradigms. Drew lives in North Texas and holds a Master of Science Degree in Computer Science from James Madison University.
- Anand Singh
CISO, Alkami Technology
Dr. Anand Singh is an information security executive with a history of bridging the gap between IT and business. He has led significant enterprise transformations on behalf of Fortune 20 companies. He has also driven the success of several early stage companies and has shaped the Information Security industry in his illustrious career. He is currently Chief Information Security Officer (CISO) at Alkami Technology. Prior to this role, he was the CISO at Caliber Home Loans. He has also served in leadership functions at UnitedHealth Group and Target.
Dr. Singh is an adjunct faculty member at Mitchell Hamline School of Law. He has a PhD in Computer Science from the University of Minnesota and an M.S. in Computer Science from Purdue University. Dr. Singh also holds CISM and CISSP professional certifications. He is an accomplished speaker and author with several notable keynotes and publications under his belt.
- Cindi Carter
CISO & C-Suite Advisor, Check Point Software Technologies
Cindi Carter is a global, multi-industry Cybersecurity and Information Technology Executive who consistently seeks the optimal outcome for any endeavor. As a transformational leader from startups to enterprises, she excels at building cybersecurity practices in highly-regulated industries, turning strategic goals into actionable outcomes, and highly collaborative engagement across the organization for managing cyber risk.
At Check Point Software Technologies, Cindi is a Chief Information Security Officer in the Office of the CISO, leading Check Point's Healthcare Center of Excellence where human safety is essential to care.
Cindi is the founding President of Women in Security - Kansas City, was honored in SC Media magazine’s “Women to Watch in Cyber Security,” and was also featured in Cybersecurity Ventures’ book, “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime.” She presents at conferences worldwide, holds several recognized IT, security, and project management certifications, and has a Master of Science degree in Information Technology.
- Diana Hennel
CTO, Catalyst Corporate Federal Credit Union
Diana Hennel is currently the Chief Technology Officer for Catalyst Corporate Federal Credit Union. In her role, Diana is responsible for the long-term strategic direction and implementation of technology strategy, security, and processes. She oversees the corporate’s network operations, technology development and information systems security. Diana attributes her success in the technology industry to her skills in building highly productive teams.
Diana joined Catalyst Corporate in 2017. She has 25 years of technology, security, and operations experience, including over eleven years in IT executive management. Prior to joining Catalyst, she served as VP of Delivery at Targetbase, a customer relationship management and analytics agency, and as the CIO/CTO of TMX Finance, a consumer specialty finance company with over 1150 stores. She has Fortune 50 and software development experience, as well as experience in monitoring organizations for security compliance.
Diana has a Bachelor of Science degree in math and computer science from Mount Union University and a Master of Science degree in computer science from the University of Illinois.
- Amna Siddiqui
Director, Security Management, Financial Investment Management Company
Amna Siddiqui is Director, Security Management, with a broad-based technology background and current experience in Cybersecurity and Technology Risk Management in the financial sector. She is knowledgeable in industry and regulatory frameworks and holds multiple certifications, with the most recent related to AWS.
- Tianne Strombeck, Moderator
Associate Director, Network Security, Verizon
Tia Strombeck, MBA, CISSP, currently manages a risk management team focused on governance and cross-organizational programs. Tia has 20+ years of experience in information security. She has focused on building cross-organizational relationships to help other business teams understand the importance and value of security initiatives. She has worked with the network teams to embed security requirements into their new development and operating processes.
- Kelce Wilson
General Counsel, InfraGard North Texas
Kelce S. Wilson was in the U.S. Air Force, both active duty and reserves, retiring as a Lieutenant Colonel. He has a B.S., M.S. and PhD in electrical engineering, an M.B.A., a J.D., US PTO patent practitioner registration, and is a certified privacy professional with CIPP-US, CIPP-E, and CIPM. During his military and engineering career he worked in cryptography, radar and jamming, low observable (stealth) aircraft, and cybersecurity testing (white hat hacking). As an attorney, he has worked in patent litigation, licensing, and prosecution, and also privacy & security matters, including both breach prevention and response.
- Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Mary Chaney
Chairwoman, CEO & President, Minorities in Cybersecurity, Inc.
Mary N. Chaney, Esq., CISSP, CIPP/US has over 30 years of experience in Information Security, Privacy and Risk Management. She graduated from Xavier University with a B.S.B.A in Information Systems and became a licensed attorney in the State of Texas in 1999 after obtaining her J.D. from Texas Southern University - Thurgood Marshall School of Law.
Ms. Chaney began her career journey by serving as a Special Agent for the FBI in Los Angeles before transitioning into executive level information security and privacy roles for GE Capital, J&J, Comcast, and Esperion Therapeutics.
Ms. Chaney is the Chairwoman, CEO and President of Minorities in Cybersecurity, Inc. which focuses on support, leadership, and career development for women, non-binary and other minorities in cybersecurity and the Founder and CEO of its subsidiary MiC Talent Solutions, Inc. which focuses on placement of underrepresented talent.
Ms. Chaney developed MiC and MiC Talent to create an ecosystem where underrepresented cybersecurity professionals can start, build, and grow their career, in addition to providing job opportunities from organizations vested in their success.
- Happy Hour
- Eddie Ho
Former CIO & COO, Los Alamos National Bank
Eddie Ho is the former COO and CIO for Los Alamos National Bank in New Mexico and CIO and CISO at OmniAmerican Bank in Texas. Prior to banking leadership roles, Eddie was in Technology Risk Management, cyber security, and Enterprise Architecture for IBM, Dell, Grant Thornton, and Blockbuster. Eddie is a board member for ePayAdvisors and is a frequent speaker for banking and finance industries. Eddie is the author of a network technology book and frequent contributor to industry publications. Eddie holds a BS from the University of Wisconsin, an MS in Computer Science from North Dakota State University, and holds CIPP, CISA, CISM, CGEIT, and CISSP certifications.
- Michael R. Smith
Sr. Information Systems Auditor, Parkland Health
Michael R. Smith, MBA, CISSP, CFE, CISA, CIA, PMP, ITIL, is a Healthcare Information Technology Professional with over thirty years of IT experience. Michael is a Sr. I.S. Auditor at Parkland in Dallas, Texas, specializing in performing information security assessments and audits focused around IT governance and regulatory compliance.
Industry Certifications, Licensure, & Training
Certified Information Security Specialist (CISSP)
Certified Internal Auditor (CIA)
Project Management Professional (PMP)
Certified Fraud Examiner (CFE)
Certified Information Systems Auditor (CISA)
Information Library Information Technology (ITIL)
- James Carpenter
CISO, Texas Scottish Rite Hospital for Children
James Carpenter is a Healthcare Information Technology & Security Professional with 20 years of IT leadership experience. James is currently the Director of Information Technology & Security for Texas Scottish Rite Hospital for Children in Dallas, Texas. Over the course of his career James has created and led healthcare information security teams and helped organizations successfully navigate the complex and ever-changing landscape of security and technology. James has been responsible for strategic design of information security programs, implementation of key enterprise information security technologies such as DLP, IDM/IAM, eDiscovery, MDM, and the teams and processes that support successful integration. James is a CISSP, CISM, and CISA and holds a Master’s degree in Strategic Leadership from Amberton University.
- Pedro Serrano, Moderator
Sr. Security Architect, CDW
Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. Previously, Pedro was CISO, Network Security for an integrated healthcare system as well as Security Architect for a major Oil and Gas Exploration company; today he is CDW’s Senior Security Architect. He holds two postgraduate degrees, in Telecommunications Management and Computer Science, and serves on the Board of Directors of The Information Systems Security Association (ISSA) chapter in Tulsa and BSides Oklahoma. He also serves as an advisor to the Latino Leadership Institute and is a graduate of the Leadership Oklahoma program. Pedro holds the CISSP certification from ISC2.
- Mark Nagiel
CISO, Supreme Lending
Mark is currently serving as the Chief Information Security Officer at Supreme Lending. Prior to Supreme Lending, Mark served as the CISO at Prime Lending, Head of Information Security at MetroPCS (a T-Mobile division), VP of Information Technology and VP of Information Security at InCharge Institute, and Head of the NEC Information Security Consulting practice covering the US and the Caribbean. Prior to NEC, Mark co-founded Network Audit Systems, which was acquired by Armor Holdings, a NYSE global threat mitigation leader, where he served as a CTO. Prior experience included serving as the first Head of Information Security at Niagara Mohawk Power Corporation with responsibility for program development covering Corporate, Fossil, Hydro and Nuclear division protections. Mark is a graduate of the State University of New York with a BS in Business Management and attended the Harvard Business School Executive Education Program.
- Shawn E. Tuma
Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP
Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.
- Jeremy Rucker
Data Privacy & Cyber Partner, Spencer Fane LLP
Jeremy Rucker leads businesses through the evolving and complex landscape of data privacy, security, and incident response. As a data privacy and cybersecurity attorney, Jeremy regularly counsels clients in all industries on the emerging federal, state, and international data laws and regulations, and also serves as a breach coach to guide organizations through national data breach notification processes and resultant regulator investigations.
Jeremy is a frequent speaker on data privacy and cybersecurity matters and is certified by the International Association of Privacy Professionals as a Privacy Law Specialist. Additionally, Jeremy holds double certifications as a Certified Information Privacy Professional for United States law (CIPP/US) and European law (CIPP/E); and a certification as a Certified Information Privacy Manager (CIPM – IAPP).
- Mark Langford
Principal Consultant, Aberfoyle Associates
Mark is the Founder and Principal Consultant at Aberfoyle Associates, a Plano-based cybersecurity consulting firm. Mark is a Board Member of the North Texas ISSA, was recently inducted into InfraGard, and is called upon periodically to speak at cybersecurity industry events. He holds a Bachelor’s Degree in Management from Clemson University and a Master's Degree in Telecommunications Management from Oklahoma State University.
- Dr. Jason Edwards
Cybersecurity Regulatory Testing Lead, USAA
Jason Edwards has over 20 years of IT/Cybersecurity experience and currently works for USAA researching, developing and executing enterprise cybersecurity assurance testing. Jason is a 22-year veteran of the US Army and has served multiple tours of duty in Iraq, Afghanistan, and elsewhere. Jason is currently awaiting final approval for his doctoral dissertation in cybersecurity with a focus on ‘Regulatory Cybersecurity Testing of Large Financial Institutions.’ Jason and his family enjoy living in San Antonio and spending time outdoors. Jason is married to Selda, and they have 4 children, Michelle (21), Chris (19), Ceylin (9) and Mayra (7).

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes