Conference Agenda
  • Tuesday, November 2, 2021
    9:00 am
    [PLUS Course] Developing a Comprehensive Ransomware Plan
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm

    Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.

    The impact of the Colonial Pipeline hack on millions of homes and businesses is a sobering reminder of the way ransomware can paralyze essential infrastructure. Sadly, this strategy seems to be paying off for some hacking groups, as they see their success in payouts and financial value increasing—with multi-million-dollar payouts now the new normal. Many of these at-risk industries have made the decision that ransom payment is the best of a bad set of options available to them.

    Malicious actors continue to adjust their ransomware tactics over time, to include pressuring victims for payment by threatening to release stolen data if they refuse to pay, and publicly naming and shaming victims as secondary forms of extortion. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations.

    This class will focus on how organizations should handle:

    • Part 1: Preparation for ransomware attacks
    • Part 2: Mapping recent ransomware attacks to the MITRE ATT&CK Framework
    • Part 3: Protection against ransomware attacks
    • Part 4: Detection and analysis of ransomware attacks
    • Part 5: Containment and eradication of ransomware attacks
    • Part 6: Recovery and post-incident activity—ransomware response checklist
    • Part 7: Review, summary, and next steps
    9:00 am
    [PLUS] How to Build and Maintain a Game-Changing Security Awareness Program that Measures Success
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories

    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan

    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program

    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q&A, and several successful toolkits are covered.

  • Wednesday, November 3, 2021
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 3:30 pm
    Location / Room: SecureWorld Exhibit Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:30 am
    Location / Room: Spring Glade

    This roundtable discussion is for our Advisory Council members only.

    8:30 am
    OPENING KEYNOTE
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater
    9:15 am
    Networking Break
    Registration Level:
    9:15 am - 9:45 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:45 am
    Let's Stop Admiring the Human Factor Problem in Cybersecurity
    Registration Level:
    • Conference Pass
    9:45 am - 10:15 am
    Ninety-five percent of all cyber-attacks are human enabled. Organizations continue to fail at addressing human factors in cybersecurity due to a lack of education and appreciation for human factors as a science. With the increasing spending on technology to safeguard organizations’ critical networks, systems, and data, cybercriminals are circumventing defense-in-depth architectures to target humans, the weakest link. An existing fallacy is that technology will prevent data breaches, ransomware attacks, or cyber-attacks. In fact, integrating new technology creates unintended consequences that increase vulnerabilities. These technologically-induced vulnerabilities are human-enabled, highlighting a lack of appreciation for human factors in cybersecurity. Let’s reduce human-enabled errors.
    9:45 am
    Fortifying Your Enterprise in a Changing Security and Privacy Landscape
    Registration Level:
    • Conference Pass
    9:45 am - 10:15 am
    Location / Room: Sunnyslopoe

    Recent multi-million dollar sanctions for data breaches show that businesses cannot afford to be lax on privacy and security. However, the latest Internet Society studies have found that for many companies, these safeguards are severely lacking. What may start as a simple oversight can soon manifest into a potential security and financial nightmare for businesses. Embracing best practices when safeguarding user data is critical for companies to not only retain customers, but to protect themselves from the growing legal liability they could face.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    9:45 am
    Who Is Responsible for Security in the Cloud?
    Registration Level:
    • Conference Pass
    9:45 am - 10:15 am

    This session examines some of the data exposure incidents over the past two years that resulted from the misconfiguration of cloud resources, including recent data exposures. It will look at the specific nature of cloud misconfiguration issues, examine the areas of responsibility between cloud providers and their customers, and offer a number of high-level suggestions on how to prevent or avoid such issues as organizations adopt cloud computing in their businesses.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: SecureWorld Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:45 am
    Lessons from Emergency Response for IT and Cybersecurity
    Program Manager, Cyber Readiness Center, Texas A&M Engineering Extension Service
    Registration Level:
    • Conference Pass
    10:45 am - 11:15 am

    For years, Information Technology and Cybersecurity departments within organizations have been struggling to develop plans and procedures for mitigating, responding to, and recovering from cybersecurity events. Although some strides have been made at the federal and state government level to integrate cybersecurity into the “all hazards approach” to incident management, many organizations outside of traditional emergency management are hard pressed to develop incident response, recovery, and mitigation/preparedness procedures.

    In this presentation, Andrew Jarrett will discuss a brief history of NIMS/ICS, federal and state doctrine that has been developed to coordinate cybersecurity incident response in the public sector, and how organizations in both the public and private sector can implement a model inspired by the core tenets of incident command and other lessons in emergency response to manage cybersecurity risk and organize for the response and recovery from cybersecurity disasters.

    10:45 am
    (ISC)2 Chapter Meeting: Open to All Attendees
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am
    10:45 am
    The Fluid Ecosystem of Risk Management
    Registration Level:
    • Conference Pass
    10:45 am - 11:15 am

    Join us to continue honing the skill of reducing the fragmented efforts of digital, strategic, and operational risk management. Frameworks, methodologies, and controls are essential, but they are just not enough in a digital-native, disruptive-intensive society.
    Presentation Level:
    MANAGERIAL (security and business leaders)

    11:15 am
    Networking Break
    Registration Level:
    11:15 am - 11:45 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:45 am
    Non-Traditional InfoSec Challenges: Risks and Protection Strategies
    Registration Level:
    • Conference Pass
    11:45 am - 12:15 pm
    In this presentation, we will first explore a set of commonly used technologies that may not be closely examined as part of traditional information security programs. However, they likely introduce critical risks via open apertures allowing for unauthenticated inputs by anonymous users. In this presentation, I will show you examples of how to identify assets and uncover vulnerabilities using new perspectives in this increasingly-connected world. Heavily based upon lessons learned from a 20+ year cyber career in the public sector, this presentation will provide new strategies through exciting examples that will shape how you interpret additional technologies around you and design security controls to uplift your defenses.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    11:45 am
    Piloting Through Cybersecurity
    Registration Level:
    • Conference Pass
    11:45 am - 12:15 pm
    Location / Room: Fairview

    Piloting through Security – Using pilot skills and techniques to secure your world against cyber threats.

    • Use Checklists – Develop both Emergency and Normal operations checklists and then use those to develop standard operating procedures.
    o Runbook development
    o Incident Management guide and artifact
    o Change Management guide and artifact
    • Fly the Plane! Secure the Environment! – During an incident, don’t get distracted by finding the cause. Secure the environment first. Then, when it’s safe, do the research.
    • PAVE: A Personal Minimums Checklist for Risk Management
    o Personal – I’M SAFE (Illness, Medication, Stress, Alcohol, Fatigue, Emotion)
    o Aircraft (Infrastructure, apps, and tools)
    o Environment (Situational Awareness)
    o External Pressures (Customers, Executive Leadership, Board, regulators)
    • “Flying is hours and hours of boredom sprinkled with a few seconds of sheer terror” – Pappy Boyington
    o Don’t let repetition lull you into a sense of complacency with your security program.
    • Spatial Disorientation and trusting your instruments
    o Cross-check your tools to confirm what they are saying
    o Trust what your tools are telling you
    • Big Sky Theory – Two randomly flying bodies (little airplanes) are very unlikely to collide, as the three-dimensional space is so large relative to the bodies.
    • Situational Awareness “See and Be Seen”, “See and Avoid”
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:45 am
    Ransomware Incident Command and Lessons Learned for Managers
    Registration Level:
    11:45 am - 12:15 pm

    This presentation offers a practical approach to incident command for managers at all levels, irrespective of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

    12:20 pm
    [Keynote] Cyber Insurance: Driving the Future of Cybersecurity Improvements
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP
    Registration Level:
    • Open Sessions
    12:20 pm - 1:15 pm
    Location / Room: Keynote Theater

    What will drive the next big wave of information security improvements at U.S. organizations? Instead of regulation, it may be insurance. A two-pronged evolution is underway. Insurance policies are suddenly becoming more prescriptive for organizations, often requiring companies to meet certain cybersecurity benchmarks before a policy can be written. At the same time, “InsureTech” is emerging on the scene. This involves a new breed of insurance company that provides cyber coverage and also scans the insured’s environment to constantly monitor for IT and cyber risk. Join this keynote panel as we discuss this evolution and look at future impacts of cyber insurance on security leaders and their teams.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    1:15 pm
    Networking Break
    Registration Level:
    1:15 pm - 1:30 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:30 pm
    [Panel] Cloud: Power and Peril
    Registration Level:
    • Open Sessions
    1:30 pm - 2:15 pm
    Location / Room: Keynote Theater

    We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

    1:30 pm
    [Panel] Third-Party Risk: Managing Your Partners
    Registration Level:
    • Open Sessions
    1:30 pm - 2:15 pm

    At any given moment, a company could take a snapshot of its risk and stay busy trying to seal up all of its own holes (or accept them for what they are) in security. But what about the businesses that support you? How do you know that Fred’s band has a secure API for its clients? Does ACME really need access to our HR files? Why do we keep getting old invoices from ABC Parts Company? Dive into third-party risk, networking security with a focus on data exfiltration, and how Zero Trust could eliminate this costly issue.

    1:30 pm
    Insider Threats: A Multi-Pronged Approach to Protecting Your Organization
    Registration Level:
    • Conference Pass
    1:30 pm - 2:15 pm
    Insider threats are a real danger and cannot be overlooked. While deploying the latest secure system to fight against cyber threats is a decent strategy, you must also implement an effective insider threat system for an overall cybersecurity solution. An insider threat program cannot be bought off the shelf, but is a continuous process to identify and detect an incident as it occurs.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm
    Location / Room: SecureWorld Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:30 pm
    Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!
    Registration Level:
    • Conference Pass
    2:30 pm - 3:00 pm
    “Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.

    Join this session to learn how you can:
    •  Embed security into your culture, technologies and processes
    •  Empower innovation and expedite time-to-market through consistent security risk governance
    •  Assess the impacts, goals and methods of likely cyber attacks and incidents
    •  Align IT and security professionals with business objectives and risk tolerance
    •  Prepare now for effective detection and response to reduce business impacts of incidents

    Presentation level: MANAGERIAL (security and business leaders)

    2:30 pm
    [Panel] Knowledge Is Power: Women in Cybersecurity
    Registration Level:
    • Conference Pass
    2:30 pm - 3:00 pm

    It is often said that true knowledge must be gained through experience; either through one’s own life or through others. Join this opportunity to hear from women who bring perspectives from diverse industries (retail, financial, healthcare, utilities) as they share their different experiences as women living the information security career journey.

    2:30 pm
    InfraGard Chapter Meeting and Presentation - Open to all Attendees
    Topic: When Does a Data Theft Incident Qualify as a Reportable Data Breach?
    Registration Level:
    • Open Sessions
    2:30 pm - 3:00 pm
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This opportunity is open to all attendees.
    Presentation:
    Upon discovering that a data theft incident has occurred, a significant question arises: Is there an obligation to report the data theft incident, to victims and authorities, as a data breach? The “encryption exception” that is within the GDPR and many US laws indicates that if the data was encrypted when stolen, there has not been a breach and so reporting is not required. This presentation will provide an alternative view: for example, seven different ways that encrypted data may be compromised will be presented. Only by eliminating all seven as possibilities, should you rely on the “encryption exception.”
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    2:30 pm
    Securing the Public Cloud: Automation
    Registration Level:
    • Conference Pass
    2:30 pm - 3:00 pm

    The largest cause of publicly disclosed security breaches in cloud environments continues to be poor security hygiene. Public cloud adoption is expanding at a mammoth pace. The absence of a physical network boundary to the internet, combined with the risk of accidental exposure by users with limited security expertise, increases the attack surface in the public cloud. Security governance is challenging in public cloud environments due to the lack of visibility and control over agile changes.

    3:00 pm
    Networking Break
    Registration Level:
    3:00 pm - 3:30 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:30 pm
    Third-Party Vendor Risk Management, Lessons Learned, and Best Practices
    Registration Level:
    3:30 pm - 4:00 pm

    Modern business today relies on third parties to reduce overhead and cost. This can include the transfer of critical data, which sometimes includes “Crown Jewels.” How businesses evaluate these vendors should be built into the procurement process, but should also take into account how the vendor responds to these requests—and not just from you, but from every other company they are hosting, processing, and transferring data for.

    Learn how you can streamline the process and create value for both your company and your vendor(s).

    3:30 pm
    A Modern Approach to Information Protection
    Registration Level:
    • Open Sessions
    3:30 pm - 4:00 pm

    Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

    3:30 pm
    The Challenge of Detecting Threats in the Cloud
    Registration Level:
    • Open Sessions
    3:30 pm - 4:00 pm

    Detecting threats in the cloud presents several challenges: dealing with new technologies and facing new threat scenarios, exacerbated by the COVID-19 accelerated cloud adoption. Gartner indicates that organizations have been expanding their adoption of cloud security-oriented tools, such as Cloud Security Posture Management (CSPM) and Cloud Access Security Broker (CASB), as they try to keep cloud-related threats under control. However, not all organizations have an interest in adopting all these added technologies, and even when they do, the challenge of integrating them into their security monitoring infrastructure remains.

    Join this discussion to learn:

    • What are the differences between traditional threats and cloud threats?
    • How to align your security monitoring architecture to the new cloud monitoring requirements
    • How to optimize cloud security monitoring with a cloud-first SIEM approach
    4:00 pm
    Happy Hour
    Registration Level:
    • Open Sessions
    4:00 pm - 5:00 pm

    Join your peers for conversation and complimentary hors d’oeuvres and beverages. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.

  • Thursday, November 4, 2021
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 3:30 pm
    Location / Room: Registration Desk in Lobby

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 3:30 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:30 am
    OPENING KEYNOTE
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater
    9:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:15 am - 9:45 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:45 am
    Banking Data Breach and Lessons Learned
    Registration Level:
    • Conference Pass
    9:45 am - 10:15 am

    Your financial institution has been hacked and is now on the evening news. Customers, board members, the press, and regulators are hounding you by the minute. How do you recover step-by-step as CIO/COO/CISO? This session covers data breach nightmares during pre-attack, attack-in-motion, and post-attack scenarios. What are the key steps in starting the recovery of business operations with everyone demanding quick action? Next in line are the enforcement actions from the regulator: what are the necessary turnaround actions and road-maps? Gain real-world insider views on turning around a horrible situation.
    Presentation Level: MANAGERIAL (security and business leaders)

    9:45 am
    Considering a Continuity Plan?
    Registration Level:
    • Conference Pass
    9:45 am - 10:15 am
    Your organization is required to implement a continuity plan, but such plans can be complex and time-consuming. Perhaps you are wondering where to start, and your organization is pressing you to innovate and leverage efficiencies. Cyber attacks are inevitable and can cause serious harm to your organization’s availability. Join Michael Smith and James Carpenter as we walk through important planning steps for building and implementing your continuity plan.
    9:45 am
    Beyond the Security Awareness Check Box
    Registration Level:
    • Conference Pass
    9:45 am - 10:15 am
    It’s time to move beyond the “Awareness” messaging campaigns and the annual compliance training check box. Employees need to take the next step and act on the knowledge that is constantly pushed out to them. A solid Security Awareness program needs to include opportunities for learners to build their skills as well as practice those skills in realistic scenarios. This session will provide an overview of ways to think beyond doing an annual compliance eLearning and focus on providing on-going learning opportunities that are timely and relevant.
    10:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: SecureWorld Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:45 am
    The Evolving Cyber & Privacy Landscape
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • Conference Pass
    10:45 am - 11:15 am

    The changes from an evolving cyber and privacy landscape can seem impossible to track, let alone implement. Join this session with nationally known cybersecurity and privacy attorney Jordan Fischer to gain an understanding of what is new and what is next. Also, learn about key strategies for implementation to help drive organizational compliance.

    10:45 am
    Cyber Insurance: Safety Net or Scam?
    Registration Level:
    • Conference Pass
    10:45 am - 11:15 am
    Cyber liability insurance was conceived to help organizations recover from the devastating effects of a cyber attack, but is it actually fulfilling that purpose? While cyber insurance underwriters are requiring policy seekers to fill out risk assessment surveys and have offered resources to clients to help mitigate cyber risk, the daunting burden of proof is still placed on the insured to prove lack of negligence. What has to happen for insurers and their clients to agree upon third party risk assessment tools to create a more equitable cost vs. coverage framework? How can businesses regain control of their risk valuations?
    10:45 am
    Strategically Reporting to the Board of Directors
    Registration Level:
    • Conference Pass
    10:45 am - 11:15 am
    This presentation will cover three major areas of concern when developing reporting for the board of directors. The first is assurance testing and reporting of the results so that the board is confident that the program is operating as promised. The second is an overview of current laws in the financial sector and other industries, including some that require board-level reporting. Finally, we will discuss what goes into the board package and how it should be presented.
    Presentation Level: MANAGERIAL (security and business leaders)

     

    11:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:15 am - 11:45 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:45 am
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:45 am - 12:15 pm

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    11:45 am
    Success Factors for Securing a Multi- or Hybrid-Cloud Environment
    Registration Level:
    • Open Sessions
    11:45 am - 12:15 pm

    More organizations are experiencing the benefits of public cloud infrastructure—all of which enables development teams to select the best infrastructure for their application, such as one cloud provider over another, or leveraging the data center to host a portion of their assets and resources. But it creates a security challenge, since the security tooling for one cloud service provider is often not portable to another, and the tooling for the data center is not optimized for the cloud. The result is multiple dashboards, reduced productivity, increased costs, and gaps in security controls. Join us to learn about better ways to secure these diverse and complex environments.

    11:45 am
    Third-Party Cyber Risk: Creating and Managing a Program that Works
    Registration Level:
    • Conference Pass
    11:45 am - 12:15 pm

    Two-thirds of all major data breaches can be traced to an external third party of some kind. In addition, more and more regulations are focusing on third parties, as well. Business partners, suppliers, service providers, auditors, consultants, outside counsel firms, and more all add to a company’s cyber and compliance risk. Effectively assessing and managing these third-party risks is now more important than ever.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

     

    12:20 pm
    LUNCH KEYNOTE
    Registration Level:
    • Open Sessions
    12:20 pm - 1:15 pm
    Location / Room: Keynote Theater
    1:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    1:15 pm - 1:30 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:30 pm
    [Panel] Ransomware: Myths, Pitfalls, and New Insights
    Registration Level:
    • Open Sessions
    1:30 pm - 2:15 pm
    Location / Room: Keynote Theater

    One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

    1:30 pm
    From Technologist to CISO
    Registration Level:
    • Conference Pass
    1:30 pm - 2:15 pm

    Are you a technician feeling the call towards leadership? Are you just interested in learning more about leadership? Just being a good tech is no guarantee of being a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge. Come to this session and join in a conversation about the path from the Information Security technical role to an IS leadership role. Learn the right knowledge that will be powerful in helping you become a great IS leader!

    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm
    Location / Room: SecureWorld Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:30 pm
    Making Your Risk Management Program a Key Line of Defense
    Registration Level:
    • Conference Pass
    2:30 pm - 3:00 pm

    This session will explain how to build a Security Risk Management Program and how to raise awareness among your key stakeholders. You’ll learn where to start your lines of defense, and most importantly, how to mature the program to the point where your stakeholders are comfortable discussing and making risk-based decisions.

    2:30 pm
    Continuous Security Validation: Exercise Your Environment More than the Adversary
    Registration Level:
    • Open Sessions
    2:30 pm - 3:00 pm

    With Incident Response as the new normal, we must ensure that the systems and processes supporting that effort and threat hunting are working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams a continuous feedback loop to understand their posture and identify gaps as they arise.

    2:30 pm
    The DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?
    Registration Level:
    • Conference Pass
    2:30 pm - 3:00 pm

    Supply chain risks are at the top of everyone’s mind today, and the US Department of Defense (DoD) is no different. That is why the DoD created its Cybersecurity Maturity Model Certification (CMMC). CMMC is a five-level, third-party validated maturity certification. CMMC includes both technical and process/procedural requirements. Organizations in the Defense Supply Chain will be required to obtain CMMC certification before contract award. Requests for Proposals (RFPs) containing CMMC requirements are expected in October 2020. This session provides an overview of CMMC and the corresponding industry-led ecosystem that is being created, spearheaded by the CMMC Accreditation Body (CMMC-AB).
    Presentation Level: MANAGERIAL (security and business leaders)

    3:00 pm
    Networking Break — Dash for Prizes and CyberHunt winners announced
    Registration Level:
    • Open Sessions
    3:00 pm - 3:30 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.

    3:30 pm
    CLOSING KEYNOTE
    Registration Level:
    • Open Sessions
    3:30 pm - 4:00 pm
    Location / Room: Keynote Theater
Exhibitors
  • Association of Continuity Professionals (ACP) North Texas
    ACP is a non-profit professional organization that provides a forum for the exchange of experiences and information for business continuity professionals throughout a network of local chapters.

    Founded in March of 1986, the North Texas Chapter is one of the oldest continuously meeting chapters, and among the largest by membership, serving the Dallas/Fort Worth metroplex. Meetings are held on the first Tuesday of every month, unless the first Tuesday coincides with a holiday week.  We invite you to attend our next meeting.

  • Cybercrime Support Network
    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • InfraGard North Texas
    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges (see Sector Chief Program)
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • ISC2 Dallas-Fort Worth
    The Dallas-Fort Worth Chapter of ISC2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from ISC2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • North Texas ISSA
    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • ISSA Fort Worth
    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Learn more at the ISSA, International website. The Fort Worth Chapter of ISSA brings all of the benefits of International membership, along with opportunities for experiencing great speakers, local networking, earning CPEs, job prospecting and more.

  • PKWARE
    PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.

    PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.

  • TechTarget
    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

  • Andrew Jarrett
    Program Manager, Cyber Readiness Center, Texas A&M Engineering Extension Service

    Andrew Jarrett of the TEEX Cyber Readiness Center is a former firefighter, current member of a Type II/Type III Incident Management Team (IMT) and has recently been deployed as a member of Texas Division of Emergency Management (TDEM) Incident Support Teams (ISTs) for COVID response. As the Cyber Enterprise Program Manager at the TEEX CRC, he helps organizations assess their cybersecurity risk posture, develop pre-incident plans for cybersecurity, and organize their resources for response and recovery. He has also developed and delivered a number of FEMA-certified cybersecurity courses focused on the FEMA mission set of preparedness, mitigation, response, and recovery.

  • Shawn E. Tuma
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes