- Wednesday, April 12, 2023

10:30 am
Exhibitor Hall open
Registration Level: Open Sessions
10:30 am - 4:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
11:00 am
[Opening Fireside Chat] CISO Panel: A Healthcare State of the Union
CISO, Vancouver Clinic
CISO, Steward Health Care
Registration Level: Open Sessions
11:00 am - 11:45 am
Join our group of security leaders as we dig into current topics surrounding healthcare and cyber. We’ll touch base on recession and budget planning, cyber insurance challenges, and Artificial Intelligence, and we’ll discuss some of the 2023 predictions and see if they are likely to come to fruition.
11:45 am
Networking Break
Registration Level: Open Sessions
11:45 am - 12:00 pm
Location / Room: Exhibitor Floor
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pm
Navigating the Insider Threatscape
Sr. Director, Cyber Security, Acumatica, Inc.
Registration Level: Open Sessions
12:00 pm - 12:30 pm
Threat methods and controls utilized for the corporate workforce that now expands beyond the office building and into remote locations are not as comprehensive and effective as for those who are typically in the office. The intent of employees may not be malicious but rather inherent to poor practices; however, there are those who begin as unintentional but gradually become intentional insider threats.
12:00 pm
Know Your Contract: Third Party Management in Healthcare
Co-Founder & Managing Partner, XPAN Law Partners
Registration Level: Open Sessions
12:00 pm - 12:30 am
In this informative session, cyber attorney Rebecca Rakoski explores the importance of understanding contracts with third-party vendors in the healthcare industry. The talk highlights the risks associated with outsourcing services to third-party vendors and emphasizes the need for clear and detailed contracts to mitigate these risks. It provides practical advice on negotiating contracts, including identifying key performance indicators and incorporating language to ensure compliance with regulatory requirements. Rebecca also discusses the importance of ongoing contract management and monitoring to ensure that vendors are meeting their obligations and that the healthcare organization is fully compliant with all relevant laws and regulations. Overall, the presentation serves as a valuable resource for healthcare organizations looking to improve their third-party management practices and mitigate potential risks associated with outsourcing services.
12:00 pm
Identity and the Current Threat Landscape
Sr. Principal, Industries, Okta
Registration Level: Open Sessions
12:00 pm - 12:30 pm
Identity is a crucial aspect of our lives, both in the physical world and the digital realm. In the current cyber threat landscape, the issue of identity has become even more important, as cybercriminals continue to target individuals and organizations to gain access to sensitive information and steal identities for financial gain. In this session, Tom Malta from Okta will answer our questions about the current threats to organizations.
12:45 pm
Networking Break
Registration Level: Open Sessions
12:45 pm - 1:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:00 pm
Did You Get Our Message? How to Maintain Email Availability
Sr. Security Engineer, Cape Cod Healthcare
Registration Level: Open Sessions
1:00 pm - 1:45 pm
Organizations implement settings to ensure an email message is not spoofed; and nowhere is effective email communication more important than in healthcare where patients receive vital information, such as test results and other health-related updates. However, some organizations are not utilizing all settings available to them to ensure patients are indeed receiving email communications. This presentation investigates:
- How to avoid having emails to patients blocked by ISPs
- What to do when a service provider does block emails
- The importance of making sure an organization is notified in a timely manner when messages are flagged as spam (feedback loops)
1:00 pm
A Healthier View on Compliance
CISO, Automox
Registration Level: Open Sessions
1:00 pm - 1:45 pm
Too often, we see compliance as an adversarial process. We know that compliance is imperfect, but articulating the challenges is difficult. However, we can develop models for more appropriate compliance, while appreciating those limitations. Further, it is even possible that we can learn to appreciate compliance as an enabler to our organization’s core mission.
1:45 pm
Networking Break
Registration Level: Open Sessions
1:45 pm - 2:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:00 pm
Navigating HIPAA Compliance and Security Incidents: Where to Merge, Yield, and Stop
Partner, Dallas, Constangy, Brooks, Smith & Prophete, LLP
Partner, Buffalo, Constangy, Brooks, Smith & Prophete, LLP
Registration Level: Open Sessions
2:00 pm - 2:45 pm
This presentation will cover how healthcare organizations and business associates can safely traverse the complex healthcare regulatory environment. Sarah Rugnetta will focus on effective strategies to safeguard data through effective governance, appropriate controls, preparation, and training. In other words, she’ll discuss strategies on how to buckle up, perform needed safety checks, and practice safe driving. Lindsay Nickle will provide a crash course on how to minimize monetary and reputational harm, reduce the risk of fines, and avoid litigation when responding to security incidents (i.e., tactics on how to avoid hefty “traffic” tickets, body work, and ambulance chasers!).
2:00 pm
Technology Disruption and How to Transform Cybersecurity
Cyber Risk Advisor, EY
Registration Level: Open Sessions
2:00 pm - 2:45 pm
Technological advancement is bringing about new challenges where organizations are unable to effectively manage their cyber risk and the impact these risks could have on their business. This presentation speaks to the growing need to evolve cybersecurity and how to transform the way cyber risk is viewed and managed.
2:45 pm
Networking Break
Registration Level: Open Sessions
2:45 pm - 3:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pm
Build Better Controls Around Third-Party Risk
CISO, Keck Medicine of USC
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Third-party risk refers to the potential risks that arise from the use of third-party vendors, suppliers, partners, or service providers who have access to an organization’s sensitive information, systems, or processes. What are the challenges and compounding risk around third parties? What are organizations doing today, and how can they leverage automation to improve their program?
3:00 pm
Business Continuity: Succession Planning 101
CISO, Veterans United Home Loans
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Session description to come.
3:45 pm
Networking Break
Registration Level: Open Sessions
3:45 pm - 4:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
4:00 pm
Cyber World on Fire: A Look at Internet Security in Today’s Age of Conflict
CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Registration Level: Open Sessions
4:00 pm - 4:45 pm
This informative session analyses the growing threat of cyberattacks and risks to internet security in today’s world. Col. Leighton explores the various types of attacks and vectors, including how bad actors can impact businesses and individuals. The session also examines the role of governments and international organizations—partnering with public and private businesses—in protecting against cyber threats.
Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees.
He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.
4:00 pm
The State of the Cybersecurity Workforce
2023 Job Data: It Will Surprise You!
Founder and CEO, CyberSN and Secure Diversity
Registration Level: Open Sessions
4:00 pm - 4:45 pm
Session description to come.
- CREST
CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.
- Okta
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- ZeroFox
Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.
Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.
- Automox
Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.
- Michael Bray, CISO, Vancouver Clinic
- Esmond Kane, CISO, Steward Health Care
Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.
- Mike Muscatell, Sr. Director, Cyber Security, Acumatica, Inc.
Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). He was honored as one of the top 100 professionals in the Information Security field by Strathmore's for 2014. He is a member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.
- Rebecca Rakoski, Co-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section. Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- Stanley Hammond, Sr. Security Engineer, Cape Cod Healthcare
Stanley Hammond has been in the IT field for the past 20 years and in information security since 2006. He is currently a Senior Security Engineer in the healthcare field in Massachusetts. Throughout his career he has worked for non-profits, non-government organizations, higher education, and both public and private sector organizations. He is currently working in multiple areas including security awareness, incident response and proactive maintenance. He holds several industry-recognized certifications including CISSP, CISM, CISA, HCISPP and CDPSE.
- Jason Kikta, CISO, Automox
Jason Kikta is the Chief Information Security Officer at Automox. He previously served for over 20 years in the United States Marine Corps, which included seven years at U.S. Cyber Command designing and managing the national counter-APT and counter-ransomware missions.
- Lindsay Nickle, Partner, Dallas, Constangy, Brooks, Smith & Prophete, LLP
Lindsay serves as a vice chair of the cybersecurity and data privacy practice group. Lindsay has extensive experience managing responses to data privacy and security incidents, having managed some of the largest and most complex healthcare-related incidents in the world. Lindsay also has substantial experience assisting clients with the Payment Card Industry Data Security Standard (PCI DSS). She is uniquely positioned to gauge third-party liability, having served as a trial attorney in healthcare and financial regulatory matters for more than 15 years before beginning to manage responses to data privacy and security incidents. In helping clients mitigate the risk of that liability, she regularly facilitates training and workshops on data security. Lindsay holds the U.S. Certified Information Privacy Professional for United States law (CIPP/US) credential and regularly serves as a featured speaker on topics related to cyber insurance, cyber risk mitigation, and data privacy regulation. She received her J.D. from Baylor University and is admitted to practice in Texas.
- Sarah Rugnetta, Partner, Buffalo, Constangy, Brooks, Smith & Prophete, LLP
Sarah serves as a vice chair of the Constangy Cyber Team and practices in New York. She leads the provision of compliance advisory services for the Cyber Team, advising clients on strategies to mitigate risk associated with data privacy and security through business-oriented approaches. Sarah has more than 15 years of experience working in the privacy law area. She is a former privacy officer, a former state regulator, and has extensive experience serving as outside counsel for businesses in the fields of health law, data privacy, regulatory compliance, and risk management. She is well-versed in advising clients on the scope and applicability of domestic and international data privacy laws. A former Assistant General Counsel with the Vermont Department of Financial Regulation, Sarah regularly interfaces with state and federal agencies in response to investigations, enforcement actions and compliance audits. Sarah holds the Certified Information Privacy Professional for European law (CIPP/E) credential. She received her J.D. from the University of Buffalo and is admitted to practice in New York and Vermont.
- Brandon M. Bapst, Cyber Risk Advisor, EY
Brandon has more than nine years of strategic experience in the security risk field. As a Cyber Risk Advisor within EY's Cyber Transformation practice, he works closely with executives, CSOs and CISOs on developing mature cyber risk programs. He has worked with Global Fortune 100 companies to transform tactical security programs into holistic enterprise security risk management practices enabled through data driven insights and technology. He is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA).
- Brian Cayer, CISO, Keck Medicine of USC
- Randy Raw, CISO, Veterans United Home Loans
Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.
- Col. Cedric Leighton, CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- Deidre Diamond, Founder and CEO, CyberSN and Secure Diversity
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.