googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Top 10 Reasons to Attend SecureWorld
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, August 28, 2024
    10:30 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 4:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    11:00 am
    [Panel] Protecting Against OT and IoT Threats
    • session level icon
    speaker photo
    CISO, Trinseo
    Registration Level:
    • session level iconOpen Sessions
    11:00 am - 11:45 am

    There are several steps you can take to protect against cybersecurity threats in OT (Operational Technology) and IoT (Internet of Things) environments. This panel explores these steps, including:

    • Developing a comprehensive cybersecurity strategy
    • Segmenting your networks
    • Implementing strong access controls
    • Using encryption
    • Keeping your systems up to date
    • Monitoring your systems
    • Conducting regular training and awareness

    Come ready to learn and be ready with some questions for our panelists at the end of the session.

    11:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:45 am - 12:00 pm
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    12:00 pm
    Insider Threat Actors & Artificial Intelligence
    • session level icon
    speaker photo
    Sr. Director, Cyber Security, Acumatica, Inc.
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm

    Threat methods and controls utilized for the corporate workforce that now expands beyond the office building and into remote locations is not as comprehensive and effective for those who are typically in the office. The intent of employees may not be malicious but rather inherent to poor practices; however, there are those who happen to begin unintentional but gradually become the intentional insider threat.

    This presentation is designed to help individuals identify how seemingly “innocent” activity can make them an insider threat, and how to identify behavioral elements utilizing a number of security solutions. Through live demonstrations, we will show how “everyday activities” can result in higher risk to the company.

    Objectives:

    • Learn the methodologies utilized by individuals within the organization that would be considered insider threat activity.
    • Learn how to identify system and user-based behavioral indicators.
    • Learn which existing or enhanced security layer can provide insider threat profile data.

    Take-Aways:

    • How to identify business processes which can contribute to intentional or unintentional insider threats.
    • Enhance procedures required to identify insider threat exposures.
    • Enhance awareness training to include additional methods of insider threat.
    • Enhance existing physical and digital security layers to better identify specific insider threat activity.
    12:00 pm
    Integrate Transformative OT Cybersecurity Programs to Increase Effectiveness
    • session level icon
    speaker photo
    Principal, CI5O Advisory Services LLC
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm

    At the operational field, plant, or edge level, growing risks like cybersecurity must be managed amid a need to democratize and expand technology within an increasingly connected workplace. Traditional approaches of handling cyber, analytics, edge, and others as separate IT projects and not addressing these needs as various pieces of a major holistic change effort (including many non-technology aspects) are causing them to fail outright or have poor results. Operational management frameworks are designed to provide consistency and reliability at the field level for various reasons, including safety and environmental priorities, and can create friction with innovative techniques and large-scale change. Culture clashes between OT, IT, and Operations teams and priorities worsen this situation.

    It’s important to appreciate how transformative OT cybersecurity programs are in order to integrate those objectives and ways of working into existing frameworks. This also allows cybersecurity teams to take advantage of new models and emerging technology which can accelerate progress. Finding and supporting these solutions is not enough though; companies need to apply a different approach to leading their internal change to overcome resistance and improve engagement.

    12:00 pm
    Building a Sustainable Cybersecurity Program
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm

    Join us for a dynamic session on “Building a Sustainable Cybersecurity Program” where we explore the significance of sustainable cybersecurity and its benefits. Discover real-life examples and best practices from various industries, showcasing successful integration of sustainable cybersecurity practices. Gain insights into the challenges of implementation and strategies to overcome them. Explore the policies and regulations that promote sustainable cybersecurity and understand their impact. Walk away with a comprehensive summary and actionable steps to create a resilient cybersecurity program for long-term success. Don’t miss this opportunity to safeguard your organization’s critical assets in an ever-evolving digital landscape.

    12:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:45 pm - 1:00 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:00 pm
    Managing Smart Buildings Service Provider Fragmentation
    • session level icon
    speaker photo
    National Practice Lead – Building Cybersecurity, Michael Baker International
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:45 pm

    Building control systems have been around since the late 1970s. These systems were digitally controlled and proprietary. The building staff could run the building, but the logic/programming required the system service provider’s knowledge to maintain. Over time, the building staff’s reliance on the service provider grew to the point that the service provider not only has unrestricted local access but also unrestricted remote access. And in most cases, the service provider provides and controls remote access. When you take this into account and multiply it by the number of building control systems per building, the number of service provider technicians that currently have access, and former employees that possibly have access, and then multiply this by the number of buildings owned, this number can be huge. Now take into consideration that most of the service providers are not bound to cybersecurity service provider agreements. These buildings are a high degree of risk exposure for building owners.

    Learning Objectives:

    • Participants will be exposed to the current state of the building control system cybersecurity.
    • Participants will be walked through some real-world examples of results when service provider management does not exist and/or breaks down.
    • Participants will learn the basic concepts of managing service providers using ISA 62443.
    1:00 pm
    Secure by Default: Evolving Security Expectations
    • session level icon
    speaker photo
    Product Evangelist, Automox
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:45 pm

    CISA recently released their paper on “Secure by Design, Secure by Default” software that has support from seven major governments. It is meant to make significant, achievable improvements in software security. We will discuss the Secure by Default concept, why it is important, and what customers and vendors can do about it today.

    1:00 pm
    A Proactive Approach to Incident Response for OT
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:45 pm

    With a marked increase RaaS, APT, and nation-state sponsored attacks in the industrial cybersecurity sector over the last 18 months, it is more critical than ever for organizations to build effective incident response capabilities for their Operational Technology (OT) and Industrial Control Systems (ICS) environments.

    Often when the OT process is down, so is the revenue stream. The pressure to get back operational is high. Having a solid practiced plan, the right tools in place, and an effective decision-making process are critical to restoring production.

    1:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:45 pm - 2:00 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:00 pm
    Pig Butchering, BEC, and Artificial Intelligence: What the Secret Service Wants You to Know
    • session level icon
    speaker photo
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:45 pm

    Session description to come.

    2:00 pm
    Securing User Access with Comprehensive Identity Management
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:45 pm

    Identity management is crucial for securing user access across an organization’s IT infrastructure. A comprehensive identity management platform provides a unified view of user identities and access rights, allowing administrators to easily manage user access, detect and remediate identity-related threats, and enforce access policies. This presentation will provide an overview of the key features and benefits of a modern identity management platform and demonstrate how it can help organizations to enhance their security posture and protect against the latest identity-based threats

    2:00 pm
    Mitigating Data Privacy and Cybersecurity Risk Throughout the Supply Chain
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:45 pm

    Attendees will walk away with a practical understanding of how to involve key stakeholders at various points in the compliance program development process and the importance of third-party risk management concerning the overall data security and compliance culture within an organization.

    Businesses are increasingly built on a complex spiderweb of third-party providers that access a business’s systems, data, and other critical operations. This includes all manufacturing companies that rely on third parties—such as service providers, SAAS vendors, or contractors—to manage data and sensitive operations. Organizations typically have limited control over third parties, limited transparency into their security practices, and limited availability or resources to track third-party security upgrades. As owners and managers of portions of critical infrastructure, it is important for these companies to evaluate the current threat landscape and shift perspective on cyber threats from “if” to “when” as they examine preparedness, protocols, and employee education throughout upstream, midstream, and downstream operations.

    Mitigating data privacy, cybersecurity, and technology risk throughout the supply chain should be a priority for organizations, and our presentation will touch on key considerations for third-party management, including due diligence, contractual terms, and ongoing compliance.

    2:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:45 pm - 3:00 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:00 pm
    Cyber Intel Briefing: Manufacturing
    • session level icon
    speaker photo
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
    speaker photo
    Founding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm

    Session description to come.

    3:00 pm
    Illuminating the Dark Risk Universe: A New Frontier in Third-Party Security
    • session level icon
    speaker photo
    Sr. Strategic Advisor & vCISO, Sentinel Technologies
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm

    The modern enterprise exists within a vast cosmos of interconnected third-party relationships—suppliers, vendors, partners, and more. Yet this indispensable ecosystem also represents a rapidly expanding attack surface rife with often unaddressed cyber risks. Far too many organizations still rely on checklist security assessments providing only a fragmented snapshot-in-time of third-party risk posture. This illuminating session sheds light on the dark universe of third-party security threats lurking beyond the corporate perimeter. Get ready to:

    • Explore the real-world cyber risk impacts of complex, opaque supply chain relationships through analysis of recent high-profile breaches.
    • Gain insights into emerging AI/ML techniques for continuously monitoring third parties at scale across public, deep/dark web sources.
    • Learn a novel risk quantification framework for performing objective criticality assessments of all third-party partners.
    • Understand key regulatory trends around third-party cyber risk governance, including SEC-proposed rules.
    3:00 pm
    Where Are We with Securing Critical Infrastructure?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm

    The need for cybersecurity in critical infrastructure environments (e.g., energy pipelines, power plants, nuclear facilities, petrochemical sites, water treatment plants) is at critical levels. In this discussion, we’ll be looking at the current state of cybersecurity in these types of ICS/OT environments.

    3:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 4:00 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    4:00 pm
    [Closing Keynote] Navigating the Future: Privacy and Cybersecurity Challenges in the Era of an All-Connected World
    • session level icon
    speaker photo
    The Privacy Professor; CEO, Privacy & Security Brainiacs
    Registration Level:
    • session level iconOpen Sessions
    4:00 pm - 4:45 pm

    The proliferation of smart products being manufactured is staggering. If you can see it, smell it, touch it, wear it, ride in it, hear it, or…whatever…you can computerize it in some way to improve life, surveil others, provide protection, fix bodies, be entertaining; the list is endless. A lot of thought goes into making “bells and whistles” to make a product useful in some way at a price low enough to motivate purchases, reaping as much profits to the manufacturers and retailers, and/or benefits to those using the product, as possible. The potential for building radical, innovative advancements in transportation, lifestyles, clothing, consumer health, education, safety, environment, technology, recreation, housing, finance, nutrition and communication is exciting! However, what often gets lost in the excitement of the possibilities are the manufacturers’ and retailers’ considerations for, and critical conversations about, the privacy and cybersecurity risks inherent in using these smart devices and associated components. Subsequently, security and privacy controls are not engineered into the full smart products’ components.

    This session will explore the multifaceted challenges surrounding privacy and cybersecurity in the era of a world where anything that exists could potentially be a smart product. Rebecca will delve into the intricacies of data collection, transmission, and storage within these technologies, examining the potential vulnerabilities and privacy concerns that arise as consumers surreptitiously become interconnected with their surroundings, and ultimately a wide range of organizations that utilize their collected data in a variety of ways.

    Key topics to be addressed include the secure transmission of sensitive personal data, the collection and sharing of personal data by smart products, and the ethical considerations of balancing advancements in consumer products with individual data protection. Real-world use cases will be presented, illustrating both the potential benefits and risks associated with such products as smart automobiles and roadways, smart jewelry, smart travel products and fitness trackers.

    Attendees will gain valuable insights into best practices for engineering robust cybersecurity capabilities into such products, ensuring personal data confidentiality, and navigating the evolving regulatory landscape. This session aims to empower manufacturing engineers, technology developers, and policymakers with the knowledge needed to strike a balance between innovation and the protection of consumer privacy in the dynamic and expanding landscape of smart consumer products. Join us for an engaging discussion that paves the way for a secure and ethical future in an increasingly connected world.

Exhibitors
  • Splunk
    Booth:

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Trout Software
    Booth:

    Simple and agile approach to secure your assets: secure your digital perimeters, respond to threats quickly, and ensure continuous operations.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Tammy Klotz
    CISO, Trinseo

    Tammy Klotz is a vibrant and accomplished executive with over three decades of diverse experience in the manufacturing industry, specializing in cybersecurity and transformational leadership. She offers keen expertise in navigating mergers, acquisitions, and divestitures within both publicly-traded and privately-held companies and is seasoned in security, risk, and compliance leadership. Tammy brings a dynamic and positive approach to problem solving, excelling in simplifying intricate IT and cybersecurity concepts and facilitating pragmatic, non-technical dialogues that resonate with business executives. She is recognized as a strong, knowledgeable, thoughtful security executive who excels in public speaking and thought leadership, striving to empower others through knowledge sharing.

  • speaker photo
    Mike Muscatell
    Sr. Director, Cyber Security, Acumatica, Inc.

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). Was honored as top 100 professionals in the Information Security field by Strathmore's for 2014. Member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.

  • speaker photo
    Al Lindseth
    Principal, CI5O Advisory Services LLC
  • speaker photo
    Fred Gordy
    National Practice Lead – Building Cybersecurity, Michael Baker International

    Fred Gordy is a nationally recognized thought leader, speaker, and expert in building systems cybersecurity specializing in organizational and technical vulnerabilities. He has over 20 years of industry experience including information technology and building controls systems. Fred has been the Chairperson of the Cyber Security Committee for the InsideIQ 55 international member companies, Security Steering Committee Member for S.E.A.T. (Sports & Entertainment Alliance in Technology), founding member of Cyber Security for Control Systems Association International (CS2AI), past president and current president emeritus the Atlanta CS2AI Chapter.

  • speaker photo
    David van Heerden
    Product Evangelist, Automox
  • speaker photo
    Stephen Dougherty
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • speaker photo
    Col. Cedric Leighton
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC

    Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.

  • speaker photo
    VJ Viswanathan
    Founding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)

    VJ Viswanathan is a seasoned technology executive recognized and awarded for innovation, business capability transformation, and thoughtful mentorship. Most recently, VJ is the founding partner at CYFORIX, a global cybersecurity research, advisory, and strategic consulting firm delivering solutions to public and private sectors. He also serves as the CEO at TORQE, a specialized advisory firm focused on analytics, automation, and convergent technologies. VJ is the co-host of ELEVATEINTEL, a podcast series at the nexus of technology, social, and defense.

    With more than 25 years of pioneering enterprise technology, cybersecurity, privacy, and compliance & risk management experience, VJ has a detailed track record of designing, implementing, and leading highly successful programs, products, and services at multinational Fortune 100 brands spanning CPG, telecom, media, supply chain, healthcare, and finance segments. As a strategic thought leader, VJ has delivered the first of its kind "Supply Chain Security" & “Omni-channel Risk Management” frameworks. As a published author and featured keynote speaker at global industry events, he approaches disruptive digital paradigms with innovation, creativity, and active collaboration with his key industry peers, researchers, national & international law enforcement, and defense groups.

    VJ is an active mentor at various incubators and accelerators groups, serves as an advisory board member for growth stage companies. As a strategic adviser to VC & PE firms, he specializes in developing market analysis, competitive product road maps, and guides in opportunity mapping. As a board member and subject matter advisor to CEOs and corporate directors, VJ evaluates and audits enterprise technology and cybersecurity programs for veracity and operational effectiveness.

    VJ is passionate about animal rights and giving back to the technology and security industry. He has created a rescue and foster care group for large breed dogs. He is actively engaged with academic institutions and purpose-driven professional groups like Minorities in Cyber Security, where he serves as a board member and chair of mentorship programs to develop the next generation talent through coaching and facilitating scholarships for technology and cybersecurity education.

  • speaker photo
    Arvin Verma
    Sr. Strategic Advisor & vCISO, Sentinel Technologies

    Arvin Verma is a highly motivated and talented cybersecurity professional with over 8 years of experience across a diverse set of cyber domains and industries such as Aerospace and Defense, Technology, Financial and Insurance, Commercial Retail, Manufacturing and several more. He has filed more than 4 invention disclosures in the field of cybersecurity with one being granted as a patent and continues to leverage new concepts to drive higher confidence in today’s continuously changing environment. Arvin is CISSP certified, Security+ Certified and a ISO 27001 Certified Lead Auditor. He serves as NSSRP IT Sector Chief and Chicago Chapter Board Member for InfraGard.

  • speaker photo
    Rebecca Herold
    The Privacy Professor; CEO, Privacy & Security Brainiacs

    Rebecca Herold has more than 30 years of security, privacy, and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy & Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years. Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: seven and a half years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; two years being a co-author of and a SME member of the team that created the Privacy Framework (PF) and associated documents; and three years as a SME team member, and co-author of the Internet of Things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking apps and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for nine and a half years for the Norwich University MSISA program. Since early 2018, Rebecca has hosted the Voice America podcast/radio show, Data Security & Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Learn and connect virtually

Join your InfoSec peers for high-quality training and collaboration. Sign up today!