Top 10 Reasons to Attend SecureWorld
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Thursday, April 8, 2021
    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable
    • session level icon
    How Secure, Really, Are Your Vendors?
    speaker photo
    Chief Risk and Innovation Officer, MRS BPO, LLC
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:50 am

    This session is for SecureWorld Advisory Council members by invite only.

    Discussion topic moderated by Michael Meyer, Chief Risk and Innovation Officer at MRS BPO.

    8:15 am
    Cloud Security Alliance Delaware Valley Chapter: Town Hall Meeting
    • session level icon
    Open to all attendees
    speaker photo
    President, Delaware Valley Chapter, Cloud Security Alliance
    Registration Level:
    • session level iconOpen Sessions
    8:15 am - 8:50 am

    Board members of the CSA Delaware Valley Chapter will talk about where we’ve been, what we’ve been doing successfully during the pandemic, and what we have planned for 2021/22.

    CSA-DV is led by a volunteer network of local cloud and cybersecurity professionals. It is the go-to resource for industry practitioners to learn and maintain their Cloud Security best practices knowledge, as well as for any individual in the local community interested in Cloud Security awareness. CSA-DV offers events, webinars, and various Cloud Security certificate training courses (such as CCSK Foundation, CCSK+, CCAK, and much more).

    For more details, please visit our booth in the Exhibitor Hall and speak with one of our board members.

    8:15 am
    A Critical Look at the Security Posture of the Fortune 500
    • session level icon
    speaker photo
    Sr. Director, Chief Security Data Scientist, Rapid7
    Registration Level:
    • session level iconOpen Sessions
    8:15 am - 8:50 am

    The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

    8:15 am
    How to Effectively Manage the Modern Risks of Open Source Code
    • session level icon
    speaker photo
    Security Evangelist & Sr. Solution Specialist, Checkmarx Inc.
    Registration Level:
    • session level iconOpen Sessions
    8:15 am - 8:50 am

    Today’s modern applications depend on of a substantial amount of open source components and third-party libraries, and developers acknowledge that utilizing open source allows them to focus more on unique code attributes instead of recreating what’s already been successfully established. Although organizations acknowledge a heightened level of security, license, and operational risk, unfortunately, many don’t effectively track or manage open source throughout their entire code base and cannot consistently address the widening hazards they face.

    As a result, organizations desire automated, repeatable processes for open source usage, risk management, and vulnerability remediation that fit within modern development environments.

    In this session, attendees will hear recommendations from Stephen Gates, Checkmarx SME, on how to effectively implement an approach to:

    • Identify open source with confidence
    • Minimize open source security and license risks
    • Prioritize exploitable vulnerabilities
    • Accelerate informed remediation
    • Integrate and automate open source analysis

    Presentation level: MANAGERIAL (security and business leaders)

    9:00 am
    [Opening Keynote] Marching on in 2021: Cyber Resiliency in Security
    • session level icon
    speaker photo
    VP, Chief Information Security and Privacy Officer, Health Partners Plans
    speaker photo
    CISO, ChristianaCare Health System
    speaker photo
    Director of Information Security, NFI
    speaker photo
    CISO, University of Pennsylvania
    speaker photo
    VP & CISO, Global Infrastructure and Security Solutions, TE Connectivity
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am

    The past year has served as an accelerant for digital innovation and, unfortunately, nation-state cybercrime. However, cybersecurity professionals are up for the challenge! Come hear this panel of security leaders, working across several verticals, as they debate and discuss:

    • Return to the workplace priorities for workforce resiliency
    • Pandemic lessons learned to continue digital transformation
    • Practical strategies for combating nation-state cybercrime
    • Mental health and coping strategies
    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:00 am
    The Threat from Within: Creating an Effective Cyber Awareness Program
    • session level icon
    speaker photo
    CISO, New Jersey Courts
    speaker photo
    Co-Founder & Managing Partner, XPAN Law Partners
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    The basic “people problem” needs to be redefined and updated using science. For years, cybersecurity and data privacy advocates have been arguing that training employees is the only way to safeguard the organization. However, many organizations engage in cybersecurity training are forced to stare down the barrel of a data breach caused by one of those trained employees. The question becomes, why do we continue to repeat the same exercise expecting a different outcome?

    In addition, the global pandemic has caused many organizations to operate remotely. And many are planning to operate with at least a portion of their employees being remote. This causes another operational hurdle for IT and IT security professionals.

    This presentation will explain how cyber awareness training, in a traditional method, is a complete failure. We will discuss how using this traditional method of training can cause greater liability and threats to an organization. Finally, we will review how measuring an employee’s  Knowledge (K), Attitude (A), and Behavior (B) (“KAB”) toward cybersecurity can help to create tailored solution for cyber awareness training and provide a workforce the weapons they need to effectively stave off cyberthreats.

    10:00 am
    Faking It: Stopping Impersonation Attacks with Cyber AI
    • session level icon
    speaker photo
    Director, Email Security Products, Darktrace
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    Today, 94% of cyber threats still originate in the inbox. “Impersonation attacks” are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or digital fakes, that expertly mimic the writing style of trusted contacts and colleagues.

    Humans can no longer distinguish real from fake on their own, and businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.

    In an era when thousands of documents can be encrypted in minutes, “immune system” technology takes action in seconds—stopping cyber threats before damage is done.

    Find out how in this session.

    10:00 am
    The #1 Challenge in the Digital Transformation to the Cloud—You!
    • session level icon
    speaker photo
    Growth Technologies Evangelist, Check Point Software Technologies
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered is daunting. And with these choices come consequences; one misconfiguration can put your entire organization at risk… or worse.

    Another reality you will face as you scale is the challenge of using a “one-size-fits-all” interface. Imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.

    And, if you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.

    In this session, you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says “Through 2023, at least 99% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.

    10:00 am
    A Modern Approach to Information Protection
    • session level icon
    speaker photo
    Global Director, Cloud and Information Protection, Proofpoint
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

    10:30 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:45 am
    Multi-Cloud Identity Management
    • session level icon
    speaker photo
    Chief Risk and Innovation Officer, MRS BPO, LLC
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am
    Location / Room: 103

    Join this session as CISO Michael Meyer discusses and debunks the common myths about Multi-Cloud Identity Authorization Management (IAM). He will also delve into the inherent risks that are present, and discuss key strategies to reduce them and increase your organization’s security posture.

    10:45 am
    Incredible Email Hacks You'd Never Expect
    • session level icon
    speaker photo
    Data-Driven Defense Evangelist, KnowBe4
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    Email is still the #1 attack vector the bad guys use. A whopping 91% of cyberattacks start with a phishing email, but email hacking is much more than phishing and launching malware! Join us as we explore 10 ways hackers use social engineering to trick your end-users into revealing sensitive data or enabling malicious code to run.

    You will learn:

    •  How silent malware launches, remote password hash capture, and how rogue rules work
    •  Why rogue documents, establishing fake relationships and getting you to compromise your ethics are so effective
    •  Details behind clickjacking and web beacons
    •  Actionable steps on how to defend against them all

    If all you were worried about were phishing attempts, think again!

    10:45 am
    Get Beyond Compliance and Achieve Real Data Security
    • session level icon
    speaker photo
    SVP, Strategy and Imperva Fellow, Imperva
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.

    We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.

    10:45 am
    Code on Code Warfare
    • session level icon
    speaker photo
    Sr. Director, Sales Engineering, SentinelOne
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    During this talk we will review some security metrics from 2020, which includes common ways organizations are approaching complex security issues such as ransomware and advanced threat groups. During the discussion, we will provide some insight into alternative methods or considerations whereby we can use the power of compute to prevent, discover, and recover from advanced attacks.

    11:15 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    11:30 am
    Artificial Intelligence: Applicable Rules and Regulations
    • session level icon
    speaker photo
    Attorney at Law, Law Offices of Salar Atrizadeh
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    This presentation is on the topic of Artificial Intelligence and the related state, federal, or international laws. Salar Atrizadeh will discuss the technology and how it affects intellectual property rights and privacy laws. He will also cover which technologies are being affected and how the courts are handling the legal disputes.

    The audience will take away the following:

    • What is artificial intelligence?
    • What are the applicable rules and regulations?
    • How does AI affect intellectual property rights?
    • How does AI affect privacy laws?
    • What technologies are being affected?
    • How are the courts handling the legal disputes?
    • What are the European Commission and United States doing about it?
    11:30 am
    Observability at Scale in All-Remote Environments: Principles and Practice
    • session level icon
    speaker photo
    Sr. Security Automation Engineer, GitLab Inc.
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    InfoSec practitioners understand that observability and time-to-detection are crucial pieces of the security puzzle. However, data is often collected indiscriminately, stored unnormalized, retained for arbitrary periods of time, and sometimes even poorly understood. These issues make processing, baselining, and alerting on data sources harder than it should be.

    In this session, Jayson Salazar, Sr. Security Automation Engineer @GitLab, will discuss in detail the principles, best practices, and tooling he’s relied on to continuously improve GitLab’s observability capabilities into its infrastructure. We will discuss technical, architectural, procedural, and compliance aspects surrounding successful logging, monitoring, and alerting operations for all-remote environments at scale. From Terraform, Serverless, Data-Store alternatives and Python as building blocks, over finding an architecture that meets your needs, all the way to Alert Triaging and Compliance, this is meant to be a guiding companion for Security departments at the beginning or midst of their observability journey.

    11:30 am
    The Implementation Journey of Zero Trust and SASE: Realizing the Benefits
    • session level icon
    speaker photo
    CSO & VP, Cloud Security Transformation, Netskope
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?

    In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

    In this session, James Christianson will discuss:
    ·  How to migrate your security controls to take advantage of SASE
    ·  Reducing cost while increasing your security posture
    ·  Implementing a road map for SASE / Zero Trust

    11:30 am
    Hacking Exposed: Learning from the Adversaries
    • session level icon
    A look inside the techniques of OceanLotus / APT32
    speaker photo
    Chief Evangelist & Sr. Director, Product Marketing, BlackBerry
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    Fileless attacks and fileless malware have grown in sophistication, especially in their ability to obfuscate and hide from both traditional and next-generation anti-virus. With this ever growing threat, how do you train your systems to defend against it?

    In this session, you will learn techniques to make your own weaponized document that is designed to not just bypass AV but also human threat hunters through a sophisticated method of obfuscation and the use of built-in trusted tools. The document is capable of allowing the attacker to gain remote access to the victim system and exfiltrate sensitive data. You will get to see, firsthand, the attack compromise both a Windows PC and a MacOS.

    Join Blackberry’s Brian Robison to discover the techniques being used by APT32/OceanLotus to attack their victims and learn how to replicate them to better test your defenses.

    12:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    12:15 pm
    [Lunch Keynote] Stop Slouching! Correct the Top 5 Weak Spots in Your Cloud Security Posture
    • session level icon
    speaker photo
    Director of Cloud Services, AccessIT Group
    speaker photo
    Growth Technologies Evangelist, Check Point Software Technologies
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    It’s time to “sit up straight” and make the proper adjustments to correct weak cloud security posture and keep your cloud workloads secure. In this presentation, cloud security experts from AccessIT Group and Check Point will focus on five of the most common weak spots that they are seeing and the corrections needed to strengthen your cloud security posture. Learn from the experts on how to identify and mitigate your cloud security weaknesses.

    1:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    Making Your Risk Management Program a Key Line of Defense
    • session level icon
    speaker photo
    Sr. Director, Information Security Risk Management, The College Board
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    This session will explain how to build a Security Risk Management Program and how to raise awareness to your key stakeholders. You’ll learn where to start your lines of defense, and most importantly, how to mature the program where your stakeholders are comfortable discussing and making risk-based decisions.

    1:15 pm
    Continuous Security Validation: Exercise Your Environment More than the Adversary
    • session level icon
    speaker photo
    Technical Director of NA, Sales Engineering, AttackIQ
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    With Incident Response as the new normal, ensuring that our systems and processes support that effort and threat hunting are working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams a continuous feedback loop to understand their posture and identify gaps as they arise.

    1:15 pm
    [Panel] Workforce 2.0: The New Normal
    • session level icon
    speaker photo
    Sr. Solutions Engineer, Okta
    speaker photo
    Sr. Director, Threat Research, Agari
    speaker photo
    Sr. Director, Product Management, Synopsys
    speaker photo
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    Our panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.

    1:15 pm
    [Panel] We Need a New Plan: Business Continuity, GRC, and Privacy
    • session level icon
    speaker photo
    Director, Risk Management Services, AccessIT Group
    speaker photo
    Solutions Architect, Siemplify
    speaker photo
    Cyber Attorney, Global Leader of Privacy Practice Group, Beckage Law
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    The pandemic has taught InfoSec many lessons; among them, your IR/BC/DR plans must be scalable and flexible. Compliance and regulations still matter, and many states are initiating new data privacy and security laws. Our panel will go over some of the items you may have missed over the last year. Our experts will let you know which ones you need to really be concerned with and provide some guidance on what to include in your future Incident Response, Business Continuity, and Disaster Recovery plans.

    1:15 pm
    Executive Roundtable [VIP invite only]
    • session level icon
    Topic: Security Challenges with Digital Coworkers
    speaker photo
    Vice President, Global IAM Strategy, One Identity
    Registration Level:
    • session level iconVIP / Exclusive
    1:15 pm - 2:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, by invite only).

    Moderated by Larry Chinski, the discussion will cover:
    • Increased adoption of BPA tools (Hyperautomation)
    • RPA and the use of BOTS
    • Threats that BOTS pose in an organization
    • How to manage and secure BOTS

    Sponsored by One Identity.

    2:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:15 pm
    Human Resilience: A Myth
    • session level icon
    speaker photo
    Founder and CEO, CyberSN and Secure Diversity
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm

    Humans are not resilient—they get sick, die, retire, and can choose not to work for an organization. Currently, a CISO changes jobs on average every 18 months. Burnout is at an all-time high. Cybersecurity professionals feel undervalued and underutilized. Diversity continues to fight for its place on the team. While the cybersecurity industry is full of useful cyber resiliency insights and research, the human role in the resiliency chain is often overlooked. Together, we will define human resilience and the four-part solutions to create human resilience: individual, team, company, and industry.

    Cybersecurity managers and leaders will leave this talk with a proactive talent resilience approach plan that will keep their talent from being vulnerable and/or from nullifying their overall resilience plans.

    Presentation level: MANAGERIAL (security and business leaders)

    2:15 pm
    [Panel] Ransomware, BEC Attacks, and Insider Threats - What's Next?
    • session level icon
    speaker photo
    Vice President of Security, Code42
    speaker photo
    Global Principal Engineer, Corelight
    speaker photo
    VP, Global Services Technical Operations, BlackBerry
    speaker photo
    Director, Solution Architect , Armis
    speaker photo
    Sr. Presales Systems Engineer, Arctic Wolf Networks
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm

    Even a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?

    2:15 pm
    [Panel] Let's Talk About Clouds
    • session level icon
    speaker photo
    Director of Technology - Office of the CTO, Imperva
    speaker photo
    Cloud Overlay Sales Engineer, Gigamon
    speaker photo
    Chief Security Strategist, Tenable, Inc.
    speaker photo
    Application Security Solution Architect, Contrast Security
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm

    It’s been a year now since many companies were forced to adopt cloud services or perish. For many, this was a huge shift and a leap of faith. This discussion will cover lessons learned, positives we have uncovered, and some of the new alphabet soup relating to cloud—CASB, SaaS, IaaS, etc.

    3:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    3:15 pm
    Cloud Security Checklist Manifesto
    • session level icon
    speaker photo
    Sr. Solutions Architect , The Vanguard Group
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 4:00 pm

    Inspired by the best-selling book “The Checklist Manifesto” by surgeon Dr. Atul Gawande, this talk will focus on identifying and focusing on a Cloud Security checklist. Like the medical field where checklists are necessary to make complex life and death situations a little more manageable, we need a robust set of tasks that are absolutely required for any cloud infrastructure. This session will also provide information to build up a starter checklist that can grow with the cloud workload. This will also help organizations meet their audit and compliance requirements.

    3:15 pm
    Data Breaches: Two Tales, Two Motives - Financial vs. Espionage
    • session level icon
    speaker photo
    Head of Research, Development, Innovation, Verizon Threat Research Advisory Center
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 4:00 pm

    Financially motivated data breaches are similar to yet different from espionage motived data breaches. In this session, Verizon—producers of the annual Data Breach Investigations Report (DBIR)—will compare and contrast financially-motived and espionage-motived data breaches. Verizon will present this session through the lens of VERIS (Vocabulary for Event Recording and Information Sharing) Framework, to include the A4 Threat Model: Actors, Actions, Attributes, and Assets, and highlight key controls to counter data breaches.

    Industry accepted frameworks and tools can help improve capabilities to better prevent, mitigate, detect, and respond to data breaches with Financial motives or Espionage motives. These frameworks and tools include the VERIS framework, VIPR phases, NIST Cybersecurity Framework, and Center for Internet Security (CIS) Critical Security Controls (CSCs).

    Join this session and discover:

    • A4 Threat Models aspects of Financial Motive Breaches
    • A4 Threat Models aspects of Espionage Motive Breaches
    • Comparison between motives and the countermeasures to take

    3:15 pm
    Reducing Complexity While Increasing Data Protection in Financial Services
    • session level icon
    speaker photo
    VP, Security and Privacy, PKWARE
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 4:00 pm

    Financial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.

    Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.

    There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:

    • How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
    • The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
    • How to scale data protection and compliance as data volumes increase
    3:15 pm
    Examining the CMMC and the Reasoning Behind It
    • session level icon
    speaker photo
    Chairman of the Board, CMMC Center of Excellence
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 4:00 pm

    The Deputy Principal Cyber Advisor for the DoD recently told the Senate Armed Services Cybersecurity Subcommittee that the Cybersecurity Maturity Model Certification (CMMC) is part of a crucial effort: “Our goal must be to complicate and frustrate adversary planning and operations such that they cannot conduct them with impunity or at scale.”

    In this session, join the Chairman of the Board at the CMMC Center of Excellence as he explores the logic behind the Cybersecurity Maturity Model Certification, its objectives, and its security benchmarks.

    4:00 pm
    [Closing Keynote] The Resilient Enterprise: Securing the Virtual Workforce
    • session level icon
    speaker photo
    Chief Risk Officer & CISO, Paycor
    Registration Level:
    • session level iconOpen Sessions
    4:00 pm - 4:45 pm

    Throughout the course of 2020, organizations have seen a transformational shift in the way that businesses operate. As we adapt to new realities, digital transformation has been accelerated in many areas, including how we protect our information assets. From entirely new threats to exacerbating existing threats, Information Security teams are at the forefront of enabling businesses to operate efficiently and securely in the new virtual-first world. We’ll deep dive into considerations that your organization should be making in technology, process, and policy as you work to secure your virtual workforce.

Exhibitors
  • AccessIT Group
    Booth: Pavilion Sponsor

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Agari
    Booth:

    Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover.

  • Arctic Wolf Networks
    Booth:

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit  https://www.arcticwolf.com.

  • Armis, Inc
    Booth:

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • AttackIQ
    Booth:

    AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to identify security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat Informed Defense.

  • BitSight
    Booth:

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter

  • BlackBerry
    Booth:

    BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including more than 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear—to secure a connected future you can trust.

    BlackBerry. Intelligent Security. Everywhere.

    For more information, visit BlackBerry.com and follow @BlackBerry.

  • Check Point Software Technologies Inc.
    Booth:

    Check Point Software Technologies Inc. is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Checkmarx Inc.
    Booth:

    Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive software security platform that unifies with DevOps and provides static and interactive application security testing, SCA and developer AppSec training to reduce and remediate risk from software vulnerabilities. www.checkmarx.com

  • Cloud Security Alliance – Delaware Valley Chapter
    Booth:

    Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.

    OUR PURPOSE:

    To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.

  • Code42
    Booth:

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Contrast Security
    Booth:

    Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

  • Corelight
    Booth:

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • Cybercrime Support Network
    Booth:

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • Darktrace
    Booth:

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • DeSales University Cyber Security Program
    Booth:

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • Gigamon
    Booth:

    Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.

  • Imperva
    Booth:

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • KnowBe4
    Booth:

    We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space.

    KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.

    The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.

    Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.

  • Netskope
    Booth:

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • Okta
    Booth:

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • PKWARE
    Booth:

    PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.

    PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.

  • Proofpoint
    Booth:

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Quest One Identity
    Booth:

    One Identity, a Quest Software business, helps organizations achieve an identity-centric security strategy with a uniquely broad and integrated portfolio of identity management offerings developed with a cloud-first strategy including AD account lifecycle management, identity governance and administration and privileged access management. One Identity empowers organizations to reach their full potential, unimpeded by security, yet safeguarded against threats without compromise regardless of how they choose to consume the services. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud or hybrid.

  • Rapid7
    Booth:

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Recorded Future
    Booth:

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • SentinelOne
    Booth:

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • Siemplify
    Booth:

    The  Siemplify  team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis,  management  and operations and are backed by experts in data science and applied mathematics.

    WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them  in  rapid decision making.

  • Synopsys
    Booth:

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth:

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Michael Meyer
    Chief Risk and Innovation Officer, MRS BPO, LLC

    Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.

  • speaker photo
    Robert Wilner
    President, Delaware Valley Chapter, Cloud Security Alliance
  • speaker photo
    Bob Rudis
    Sr. Director, Chief Security Data Scientist, Rapid7

    Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avunculur, author (Data-Driven Security), speaker, and regular contributor to the open source community.

  • speaker photo
    Stephen Gates
    Security Evangelist & Sr. Solution Specialist, Checkmarx Inc.

    Stephen Gates brings more than 15 years of information security experience to his role as Security Evangelist and Senior Solution Specialist at Checkmarx. He is an SME with an extensive hands-on background in security and is a well-known writer, blogger, presenter, and published author who is dedicated to conveying facts, figures, and information that brings awareness to the security issues all organizations face.

  • speaker photo
    Mark Eggleston
    VP, Chief Information Security and Privacy Officer, Health Partners Plans

    Mark Eggleston is a senior executive specializing in security and privacy programs. His unique background and expertise in IT program and people management, combined with his diverse experience in healthcare, has positioned him as a thought leader and frequent speaker.

    Mark currently serves as Vice President, Chief Information Security Officer and Privacy Officer, at Health Partners Plans, a Philadelphia-based health insurance company. He leads the maturation of various security technologies and privacy initiatives and manages a business continuity and disaster recovery program.

    He started his professional career serving as a Program Manager and Psychotherapist at a hospital serving children and adolescents. Later, he helped develop a HIPAA privacy and security compliance program for a geographically dispersed health care provider organization and later, a local health plan.

    Mark has an undergrad degree in Psychology, a Masters in Social Work, and a Post Baccalaureate Certificate in MIS, and maintains GSEC, CHPS, and CISSP certifications. He is also a founding chair adviser for the CyberEdBoard Global Community.

  • speaker photo
    Anahi Santiago
    CISO, ChristianaCare Health System

    Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.

  • speaker photo
    Joshua Cloud
    Director of Information Security, NFI

    Joshua Cloud is currently serving as the director of information security for NFI. He has over 20 years of infrastructure and security leadership experience spanning professional services, manufacturing, retail, and logistics industries in countries all over the world. Cloud is a transformational security leader with a business focus who evangelizes the value of pragmatic cyber risk management and executive alignment. He currently leads a team of security professionals at the new NFI headquarters on the Camden, NJ, waterfront.

  • speaker photo
    Nick Falcone
    CISO, University of Pennsylvania
  • speaker photo
    Todd Bearman
    VP & CISO, Global Infrastructure and Security Solutions, TE Connectivity
  • speaker photo
    Sajed Naseem
    CISO, New Jersey Courts

    Sajed Naseem ("Saj") is the Chief Information Security Officer (CISO) of New Jersey Courts. He has over 20 years of experience with information security and IT across many industries. As the CISO of the New Jersey Courts, he has focused on Cybersecurity Readiness & Performance, Information Governance, and Network Security. Sajed holds Masters degrees from St. John's University and Columbia University. He routinely speaks at cybersecurity conferences nationally, in Europe, and with the New Jersey Bar Association. Sajed is also an Adjunct Professor at St. John's University in Information Security since 2010 and a native of New York City.

  • speaker photo
    Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski, Esq., is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. She manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. As an experienced litigator, she has handled hundreds of matters in state and federal courts. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She works with clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section, and also served on the Complex Business Litigation Committee that drafted and revised the Court Rules involving electronic discovery in complex litigation matters. She has been appointed in several litigation matters by the New Jersey Superior Court as a Discovery Special Master.

    Rebecca is on the Board of Governors for Temple University Health Systems, and is an adjunct professor at Drexel University’s Thomas R. Kline School of Law and Rowan University.

  • speaker photo
    Mariana Pereira
    Director, Email Security Products, Darktrace

    Mariana is the Director of Email Security Products at Darktrace, with a primary focus on the capabilities of AI cyber defenses against email-borne attacks. Mariana works closely with the development, analyst, and marketing teams to advise technical and non-technical audiences on how best to augment cyber resilience within the email domain, and how to implement AI technology as a means of defense. She speaks regularly at international events, with a specialty in presenting on sophisticated, AI-powered email attacks. She holds an MBA from the University of Chicago, and speaks several languages including French, Italian, and Portuguese.

  • speaker photo
    Grant Asplund
    Growth Technologies Evangelist, Check Point Software Technologies

    For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cybersecurity experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetalInfo, he led its acquisition by Neustar. Grant is the host of the TalkingCloud podcast (www.talkingcloud.podbean.com) on cloud security.

  • speaker photo
    Mike Stacy
    Global Director, Cloud and Information Protection, Proofpoint

    Mike Stacy is the Global Cloud and Information Protection Director at Proofpoint. Mike works with customers and oversees technical strategy for areas which include cloud security, advanced email defense, SOAR, browsing security, and SDP. Prior to joining Proofpoint, Mike held numerous technical leadership and product strategy roles across a variety of solutions.

  • speaker photo
    Michael Meyer
    Chief Risk and Innovation Officer, MRS BPO, LLC

    Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.

  • speaker photo
    Roger Grimes
    Data-Driven Defense Evangelist, KnowBe4

    Roger Grimes is a 30-year computer security consultant, instructor, holder of dozens of computer certifications and an award-winning author of 10 books and over 1,000 magazine articles on computer security. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee and Microsoft. Grimes holds a bachelor’s degree from Old Dominion University. He has been the weekly security columnist for InfoWorld and CSO magazines since 2005.

  • speaker photo
    Terry Ray
    SVP, Strategy and Imperva Fellow, Imperva

    Terry Ray is the SVP and Imperva Fellow for Imperva Inc. As a technology fellow, Terry supports all of Imperva’s business functions with his years of industry experience and expertise. Previously he served as Chief Technology Officer where he was responsible for developing and articulating the company’s technical vision and strategy, as well as, maintaining a deep knowledge of the Application and Data Security Solution and Threats Landscape.

    Earlier in his tenure at Imperva, he held the role of Chief Product Strategist where he consulted directly with Imperva’s strategic global customers on industry best practices, threat landscape, application and data security implementation and industry regulations. He continues to operate as an executive sponsor to strategic customers who benefit from having a bridge between both company’s executive teams. He was the first U.S.-based employee, and during his 15 years at Imperva, he has worked hundreds of data security projects to meet the security requirements of customers and regulators from every industry.

    Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, IANS, CDM, NLIT, The American Petroleum Institute, and other professional security and audit organizations in the Americas and abroad. Terry also provides expert commentary to the media and has been quoted in Security Week, SC Magazine, CBS News, the BBC, and others.

  • speaker photo
    David Gold
    Sr. Director, Sales Engineering, SentinelOne
  • speaker photo
    Salar Atrizadeh, Esq.
    Attorney at Law, Law Offices of Salar Atrizadeh

    Salar Atrizadeh, Esq. is an attorney and IT expert with an extensive background in technology and computer information services. He has conducted seminars before legal and non-legal organizations on similar topics. Salar is licensed to practice in the State of California, District of Columbia, and the United States District and Bankruptcy Courts and holds a bachelor's of science degree in computer information systems with a minor in database management systems.

  • speaker photo
    Jayson Salazar
    Sr. Security Automation Engineer, GitLab Inc.

    Former software engineer and penetration tester, nowadays Sr. Security Automation Engineer at GitLab.

  • speaker photo
    James Christiansen
    CSO & VP, Cloud Security Transformation, Netskope

    James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients understand the challenges and solutions of cloud deployments by helping drive thought leadership in cloud security transformation.

    James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

    As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.

    James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

  • speaker photo
    Brian Robison
    Chief Evangelist & Sr. Director, Product Marketing, BlackBerry

    Brian Robison is the Senior Director, Product Marketing and Chief Evangelist at BlackBerry (formerly Cylance), where he educates the world that preventing cybersecurity threats is actually possible and a much better approach than detecting and responding after an attack. With over 20 years' of cybersecurity experience, Robison is a regular speaker at industry events such as RSA, Black Hat, and thought leadership forums. Prior to joining BlackBerry, Robison worked to defend organizations from mobile security threats—three years as a director at Citrix XenMobile and two years driving enterprise strategy at Good Technology. Robison also spent over six years at McAfee with a special focus on end-point security leading efforts. During this time, he also managed vulnerability and policy compliance solutions.

  • speaker photo
    Michael Lopez
    Director of Cloud Services, AccessIT Group

    Mike Lopez, Director of Cloud Services at AccessIT Group, has a history of designing cloud architecture with a security focused approach for government and fortune 500 clients. He has worked with private and public cloud environments including AWS, Azure, Oracle, and Google Cloud. Mike leads AccessIT Group’s Cloud practice by helping its customers create strategies for their cloud adoption through a vendor agnostic holistic approach to cloud security. Because of his mixed background, he bridges the traditional gap between security and development teams, helping them work together in the cloud journey. Prior to his role at AccessIT Group, Mike was the Lead Consultant of Professional Services at Check Point Software Technologies and served as the subject matter expert for their cloud security products. As a cloud specialist, Mike is AWS and Azure certified and maintains Check Point CCSE and CCVSE certifications.

  • speaker photo
    Grant Asplund
    Growth Technologies Evangelist, Check Point Software Technologies

    For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cybersecurity experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetalInfo, he led its acquisition by Neustar. Grant is the host of the TalkingCloud podcast (www.talkingcloud.podbean.com) on cloud security.

  • speaker photo
    Piyali Das
    Sr. Director, Information Security Risk Management, The College Board

    Piyali Das has a proven 16-year track record of leading Information Security and Information Technology enterprise-wide initiatives. This includes success in risk-based prioritization of security initiatives and the resolution of complex issues cost effectively. She has also directed complex cross-functional projects across the enterprise resulting in exceptional operational outcomes. Her core competencies include Information Security Risk Management, Risk and Compliance Frameworks (NIST, ISO, PCI, SOC, SOX, COBIT, OWASP, SIG), Third-party Risk Management, Risk Metrics and Dashboards, Risk-based Prioritization, Collaboration and Communication, Process Improvements, Customer-Focus, Vendors and Personnel Management, Security Awareness Training and Phishing Simulation, and AWS Cloud Security Controls.

  • speaker photo
    Jose Barajas
    Technical Director of NA, Sales Engineering, AttackIQ

    Jose Barajas is Technical Director, NA Sales Engineering AttackIQ. He has over a decade of experience as a security researcher reverse-engineering malware and developing security controls and analytics. At AttackIQ, he now focuses on improving security control efficacy through attacker behavior emulation and establishing continuous security validation programs. Jose has presented at Black Hat, Globaltek Security Conference, and ISACA Security Conference.

  • speaker photo
    Jay Venkatraj
    Sr. Solutions Engineer, Okta
  • speaker photo
    Crane Hassold
    Sr. Director, Threat Research, Agari
  • speaker photo
    Meera Rao
    Sr. Director, Product Management, Synopsys

    Ms. Meera Rao is a Senior Director of Product Management, focusing on DevOps solutions at Synopsys, Inc. Ms. Meera has over 20 years of experience in software development organizations in a variety of roles including Architect, Lead Developer, and Project Manager, and Security Architect. Ms. Meera has been working as a trusted adviser to Fortune 500 companies, helping them achieve realistic goals for practical CI/CD & DevSecOps. She advises organizations in defining, implementing, maturing, scaling and measuring DevSecOps. Ms. Meera is very passionate about getting more women working in the technology industry. Ms. Meera participates, presents, and speaks at several conferences, spreading her knowledge of security and the importance of women in the technology workforce. Meera was awarded the SecDevOps Trailblazer award from SecuritySerious in London in 2018. Meera was a finalist in the Computing Women in IT Excellence Awards 2019 for Role Model of the Year.

  • speaker photo
    Joe Walsh
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.

  • speaker photo
    Jason LeDuc
    Director, Risk Management Services, AccessIT Group
  • speaker photo
    Harrison Parker
    Solutions Architect, Siemplify

    Harrison holds a Bachelor's in Computer Science from Harvard University.

  • speaker photo
    Jordan Fischer
    Cyber Attorney, Global Leader of Privacy Practice Group, Beckage Law

    Jordan Fischer leads Beckage's Global Privacy Team, where she represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • speaker photo
    Moderator: Larry Chinski
    Vice President, Global IAM Strategy, One Identity
  • speaker photo
    Deidre Diamond
    Founder and CEO, CyberSN and Secure Diversity

    Talent and technology veteran, Deidre Diamond has created the largest cybersecurity talent acquisition service and technology firm in the U.S. This vision is now a revolutionary job platform called KnowMore. Deidre is also the founder of Secure Diversity, an organization which empowers all genders, specifically women, to find career opportunities in cybersecurity. Prior, Deidre was CEO of Percussion Software, the first VP of Sales at Rapid7, and VP of Staffing and Recruiting for Motion Recruitment.

  • speaker photo
    Tommy Todd
    Vice President of Security, Code42

    Tommy Todd is Vice President of Security at Code42 with over 20 years of cybersecurity experience, primarily focused on data privacy and data protection strategies. Prior to Code42, Tommy served in security roles at Symantec, Ionic Security, and Optiv as well as many other firms. Throughout his career, he has acted as a leader, mentor, engineer, architect, and consultant to solve difficult data protection challenges. Tommy is passionate about data – both consumer and commercial – and strives to improve the security posture in organizations he works with.

    Tommy earned his CISSP certification in 2007 and is an active member of the security community, both as a participant and as a public speaker, providing thought leadership on a wide range of security topics. He has spoken at his local DEF CON chapter meetings and regularly speaks on behalf of Code42 to help educate security professionals around collaboration-focused security solutions and practices.

  • speaker photo
    Alex Kirk
    Global Principal Engineer, Corelight

    Alex Kirk is an open source security veteran, with a combined 17 years at Sourcefire, Cisco, Tenable, and now Corelight, where he serves as Global Principal for Suricata. Formerly a malware zookeeper and IDS signature writer, today he spends his time helping SOC analysts and advising on security policy for government agencies, universities, and large corporations around the world.

  • speaker photo
    Tony Lee
    VP, Global Services Technical Operations, BlackBerry
  • speaker photo
    Ryan Aleman
    Director, Solution Architect , Armis

    Ryan Aleman is a Director of Solutions Architect at Armis. In this role, Ryan is at the forefront of the developing landscape of unagentable devices. With an extensive background in security and technical environment management, Ryan has worked extensively to find passive, agentless security solutions in the medical, industrial, and IoT spaces, along with traditional enterprise environments.

  • speaker photo
    Kevin Santarina
    Sr. Presales Systems Engineer, Arctic Wolf Networks
  • speaker photo
    Peter Klimek
    Director of Technology - Office of the CTO, Imperva
  • speaker photo
    Bruno Almeida
    Cloud Overlay Sales Engineer, Gigamon

    Bruno Almeida is a Sales Engineer at Gigamon, where he partners with customers to help them ensure continuous security and monitoring of cloud and data center services during their digital transformation journeys. He has over a decade of experience in the IT infrastructure space. Before joining Gigamon, Bruno worked for several firms in the managed service provider space, including Regra SA and Alphaserve Technologies. Bruno holds several industry certifications including AWS Solutions Architect, Azure Fundamentals, and VMware Certified Professional. He received his bachelor's degree in Electrotechnical and Computers Engineering from Instituto Superior Técnico in Lisbon, Portugal.

  • speaker photo
    Nathan Wenzler
    Chief Security Strategist, Tenable, Inc.

    Nathan Wenzler is the Chief Security Strategist at Tenable, the Cyber Exposure company. Nathan has over two decades of experience designing, implementing, and managing both technical and non-technical security solutions for IT and information security organizations. He has helped government agencies and Fortune 1000 companies alike build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security program.

    Nathan brings his expertise in vulnerability management and Cyber Exposure to executives and security professionals around the globe in order to help them mature their security strategy, understand their cyber risk, and measurably improve their overall security posture.

  • speaker photo
    Paul Kitor
    Application Security Solution Architect, Contrast Security
  • speaker photo
    Vana Khurana
    Sr. Solutions Architect , The Vanguard Group

    Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.

  • speaker photo
    John Grim
    Head of Research, Development, Innovation, Verizon Threat Research Advisory Center

    John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.

  • speaker photo
    Chris Pin
    VP, Security and Privacy, PKWARE

    Chris Pin serves as PKWARE’s VP, Security and Privacy. In this role, Chris drives value and awareness for all PKWARE customers regarding the various challenges that both privacy and security regulations bring to the data-driven world. He works closely with all customers and potential customers to help them better understand how PKWARE solutions best fit into their environments and processes. He also works very closely with many other departments such as Sales, Marketing, Partners, and Product to help build brand awareness and product insights.

    With over 15 years of experience, Chris’s career began at the Pentagon where he supported the Army Headquarters as a Systems Engineer. Following his tenure at the Pentagon, he transitioned into global architecture and engineering for SOCOM, focusing on global networks and security. This is where he developed a deep understanding of what it takes to operate global networks at scale while ensuring the best security and privacy without jeopardizing the end-user experience.

    Prior to joining PKWARE as part of the Dataguise acquisition, Chris spent four years at Costco leading the data center migration of the e-commerce domain before transitioning into Privacy and Compliance where he was a PCI-ISA and assisted through yearly PCI assessments. Most notably, Chris also led Costco’s GDPR and CCPA efforts on a global scale, working with teams across the company, Infosec, development, policy, legal, employee education, change review, marketing, HR, buyers, and more.

    Chris has a CIPM certification and studied Aviation Management at Dowling College. When not working, he enjoys spending time with family, flying drones, kayaking, and adventuring the Pacific Northwest.

  • speaker photo
    John Weiler
    Chairman of the Board, CMMC Center of Excellence

    John Weiler is currently the CEO and CIO of a congressionally charted IT "do tank" called IT-AAC. He has forged partnerships with two dozen leading non-profits and federal agencies committed to the Digital Transformation of the federal IT sector.

    He has 40 years of IT Management, Solution Engineering, and Architecture experiences, covering both private and public sectors. His expertise has taken him from senior leadership roles in Fortune 1000 companies (May Dept Stores, Giant Food, Boeing) to non-profit (Object Management Group, Interop. Clearinghouse), to high technology companies (Oracle, Excalibur, ParcPlace, Kodak, BAH, CACI).

  • speaker photo
    Adam Leisring
    Chief Risk Officer & CISO, Paycor

    Adam is the Chief Information Security Officer for Paycor, one of the largest independently held Human Capital Management companies in America. He oversees Information Security for Paycor’s 1,400 associates, as well as Paycor’s 30,000 clients of their award-winning SaaS product. In past positions, he has served in leadership roles including Technical Services and Operations, Enterprise Architecture, and Software Engineering. Adam holds CISSP and CISM certifications, as well as a Master’s Certificate in Corporate Information Security. Adam is a volunteer in ISC(2)'s Safe and Secure Online program, which spreads security awareness to children at local schools. He also plays jazz trumpet in non-profit “Jump and Jive” big band in Cincinnati, donating proceeds to area schools for music education.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store