- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, November 13, 20248:30 amExhibitor Hall openRegistration Level:
- Open Sessions
8:30 am - 3:00 pmLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:00 am[Opening Keynote] Drag Racing & Cybersecurity: The CrossoverAssociate CISO, St. Luke's University Health NetworkRegistration Level:- Open Sessions
9:00 am - 9:45 amYou’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:00 amLocation / Room: Exhibitor FloorVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:00 amSocial Engineering: Training the Human FirewallTeam Leader of Information Security, GarminRegistration Level:- Open Sessions
10:00 am - 10:45 amPhishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.
10:00 amPig Butchering, BEC, and Artificial Intelligence: What the Secret Service Wants You to KnowRegistration Level:- Open Sessions
10:00 am - 10:45 amSession description to come.
10:00 amConverged Identity Platforms: The Power of OneRegistration Level:- Open Sessions
10:00 am - 10:45 amIdentity security has quickly become the keystone for strong cybersecurity programs. But many identity security programs suffer from the same challenges as others – a series of disjointed point solutions that do little to simplify management and governance, limiting overall program effectiveness. Lack of cohesive programs increase costs, complicate tech stacks, and limit buy-in from the rest of the organization which does little to minimize enterprise risk.
In this presentation, Saviynt Vice President of Product Management John Wang will discuss the key concepts that have proven successful for organizations adopting converged identity platforms and how they can streamline security programs, limit enterprise risk, and reduce total cost of ownership – all while increasing ROI.
Discussion topics for this session will include:
- Today’s identity security challenges
- Drawbacks of point solutions
- Defining convergence
- The business benefits of CIPs
- Choosing the right CIP for you
10:45 amNetworking BreakRegistration Level:- Open Sessions
10:45 am - 11:00 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:00 amThe Future of Quantum Computing and AISecurity ResearcherRegistration Level:- Open Sessions
11:00 am - 11:45 amSession description coming soon.
11:00 amSecuring Your Sensitive Assets in a Cloud-First WorldRegistration Level:- Open Sessions
11:00 am - 11:45 amKey take-away:
How to rethink database security controls in a cloud-first world.For most organizations, data repositories hold our most sensitive, mission critical assets. As enterprises continue their digital transformation journeys, data repositories and the sensitive assets within are more exposed than ever before for several reasons, including a dramatic rise in the:
- Amount of data created, collected, and stored
- Number of repositories storing sensitive data across clouds
- Number of users and applications that need access to data
11:00 amDemystifying Zero Trust and Its Role in CybersecurityRegistration Level:- Open Sessions
11:00 am - 11:45 am11:45 amNetworking BreakRegistration Level:- Open Sessions
11:45 am - 12:00 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pmSecuring the Supply ChainRegistration Level:- Open Sessions
12:00 pm - 12:45 pmA discussion of managing third-party risk and how to manage expectations and contracts with vendors.
12:00 pmLessons from a CISO: Increasing Your Cybersecurity Footprint Despite Worn SolesRegistration Level:- Open Sessions
12:00 pm - 12:45 pmIn a time of decreasing budgets, CISOs are increasingly faced with the challenge of doing more with less. In this informative keynote, Michael Gregg discusses how he grew his state’s cyber coverage from 25,000 to 250,000 endpoints. Learn how he optimized SOC operations and embraced AI to increase efficiencies and improve response times while reducing costs.
12:00 pmTelling Your Cybersecurity Story: Meeting the SEC’s New Disclosure RequirementsRegistration Level:- Open Sessions
12:00 pm - 12:45 pmGroundbreaking new cybersecurity regulations from the U.S. Securities and Exchange Commission (SEC) now require companies to disclose critical information about their cybersecurity programs to investors and shareholders.
How can technology leaders effectively tell their company’s cybersecurity story now? What do investors want — and need — to know about cybersecurity?
This session will help attendees understand the new requirements, learn real-world examples of effective cybersecurity disclosure, and identify future initiatives.
12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:00 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:00 pmISACA Chapter MeetingRegistration Level:- Open Sessions
1:00 pm - 1:45 pmOpen to all attendees. Hear from leaders of your local ISACA chapter.
1:00 pmSecure by Default: Evolving Security ExpectationsRegistration Level:- Open Sessions
1:00 pm - 1:45 pmCISA recently released their paper on “Secure by Design, Secure by Default” software that has support from seven major governments. It is meant to make significant, achievable improvements in software security. We will discuss the Secure by Default concept, why it is important, and what customers and vendors can do about it today.
1:00 pmHow to Manage AI Risk to Let Innovation ProsperRegistration Level:- Open Sessions
1:00 pm - 1:45 pmJoin this risk-and-compliance-crossover session to learn how to navigate the complexities of AI risk and create a secure environment for innovation. While AI is often seen for its tremendous benefits or doomsday scenarios, attorneys and regulators actually advocate for a balanced approach that treats AI risk like any other risk assessment—considering priorities, efficiencies, security, and more. This session will examine AI risk from legal, regulatory, technical, and cultural perspectives, offering strategies to balance these without hindering AI-driven advancements. We all aim to be the “first out of the gate” in AI, but we must get there safely.
1:00 pmCybersecurity as a Business DriverRegistration Level:- Open Sessions
1:00 pm - 1:45 pmSavvy would-be customers be research companies and typically prefer to do business with those who have good cyber hygiene. How can a strong security posture be a business driver for your organization?
1:45 pmNetworking BreakRegistration Level:- Open Sessions
1:45 pm - 2:00 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:00 pmCyber Intel BriefingCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLCFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)Registration Level:- Open Sessions
2:00 pm - 2:45 pmSession description to come.
2:00 pmReading the Tea Leaves: What to Expect from Your 2025 Cyber Insurance RenewalVice President, Cyber Liability, Woodruff SawyerCISO, The Anschutz CorporationAdjunct Professor, Baylor School of Law; AVP, Cyber Solutions Team Leader, Crum & ForsterRegistration Level:- Open Sessions
2:00 pm - 2:45 pmThe claims environment remains fraught with cyber threats, particularly ransomware. At the same time, privacy concerns continue to escalate, with a heightened focus on data protection, biometric security, and non-breach privacy claims. Regulatory scrutiny from the FTC and State Privacy Regulators further emphasizes the need for robust cybersecurity measures.
To effectively mitigate risks, organizations must prioritize controls such as EDR, DLP, privileged account management, and technology product risk management. A proactive approach to third-party risk management and supply chain resilience is also essential. Culture and awareness training play a pivotal role in fostering a security-conscious workforce.
Maximizing cyber insurance efforts requires collaboration across departments. CISOs should engage with risk managers and legal teams to ensure alignment in coverage discussions and budget allocation. Cyber underwriting exercises can provide valuable insights for business impact assessments and audit committee reviews, fostering a shared understanding of risk and mitigation strategies.
- AutomoxBooth:
Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.
- ISACABooth:
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
- Krista ArndtAssociate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Reanna SchultzTeam Leader of Information Security, Garmin
Reanna Schultz is from Kansas City, MO, and attended the University of Central Missouri (UCM). She graduated in 2018 with her Bachelor of Science in Cybersecurity: Secure Software Development and in 2020 for Master of Science in Cybersecurity: Information Assurance. While being in the industry, Reanna has been exposed to numerous SANS hosted classes. Reanna volunteers as a National Cyber League coach and provides her industry expertise by doing guest speaker talks for numerous colleges and high schools across the Midwest to STEM students. Reanna currently works as a Team Lead at Garmin and directly reports out of their SOC.
- John OMalleySecurity Researcher
- Col. Cedric LeightonCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- VJ ViswanathanFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)
VJ Viswanathan is a seasoned technology executive recognized and awarded for innovation, business capability transformation, and thoughtful mentorship. Most recently, VJ is the founding partner at CYFORIX, a global cybersecurity research, advisory, and strategic consulting firm delivering solutions to public and private sectors. He also serves as the CEO at TORQE, a specialized advisory firm focused on analytics, automation, and convergent technologies. VJ is the co-host of ELEVATEINTEL, a podcast series at the nexus of technology, social, and defense.
With more than 25 years of pioneering enterprise technology, cybersecurity, privacy, and compliance & risk management experience, VJ has a detailed track record of designing, implementing, and leading highly successful programs, products, and services at multinational Fortune 100 brands spanning CPG, telecom, media, supply chain, healthcare, and finance segments. As a strategic thought leader, VJ has delivered the first of its kind "Supply Chain Security" & “Omni-channel Risk Management” frameworks. As a published author and featured keynote speaker at global industry events, he approaches disruptive digital paradigms with innovation, creativity, and active collaboration with his key industry peers, researchers, national & international law enforcement, and defense groups.
VJ is an active mentor at various incubators and accelerators groups, serves as an advisory board member for growth stage companies. As a strategic adviser to VC & PE firms, he specializes in developing market analysis, competitive product road maps, and guides in opportunity mapping. As a board member and subject matter advisor to CEOs and corporate directors, VJ evaluates and audits enterprise technology and cybersecurity programs for veracity and operational effectiveness.
VJ is passionate about animal rights and giving back to the technology and security industry. He has created a rescue and foster care group for large breed dogs. He is actively engaged with academic institutions and purpose-driven professional groups like Minorities in Cyber Security, where he serves as a board member and chair of mentorship programs to develop the next generation talent through coaching and facilitating scholarships for technology and cybersecurity education.
- David AndersonVice President, Cyber Liability, Woodruff Sawyer
David focuses on complex cyber, privacy, technology, and professional liability issues and is a dedicated and fierce advocate for his clients.
- Sam MasielloCISO, The Anschutz Corporation
Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Prior to The Anschutz Corporation, he served as the CISO at Gates Corporation, where he was responsible for the company's data security, risk, and global compliance initiatives. Before that, he was CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.
Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).
- Violet SullivanAdjunct Professor, Baylor School of Law; AVP, Cyber Solutions Team Leader, Crum & Forster
Violet Sullivan works with insurance carriers, trade associations, and individual business clients from around the world providing expert guidance on cybersecurity threat management and response. She represents Crum & Forster within the legal, insurance, and risk management channels to develop long-term relationships, recurring revenue, and new business growth. Ms. Sullivan is a licensed attorney in Texas and Pennsylvania and a Certified Information Privacy Professional (CIPP/US), with her JD and MBA degrees from Baylor University. In addition to her full-time role, Violet serves as a professor of Cybersecurity & Privacy Law for Baylor Law School’s LL.M. Degree in Litigation Management, the first of its kind nationwide. Her diverse practice experience at both the individual and policy levels has prepared her for developing new tools and approaches to solving what is fast-becoming a pervasive and costly challenge in modern industry: how to respond to a cybersecurity incident.
Early in her career, Violet worked on the incident responses for some of the largest and most notable data breaches to date, including: Home Depot, Sony, and Anthem. Her experience in managing scaled breach responses led to her expertise and proficiency in proactively preparing organizations for cyber incidents. In the past eight years, she has facilitated over 450 cyber incident simulations (tabletops) for public and private sector companies, including many Fortune 100 companies.
As a cybersecurity and privacy attorney, Violet provides consulting services to respond to the needs of various cybersecurity programs. She reviews and develops customized incident response plans to ensure organizations are prepared to respond efficiently and effectively to a data breach. Violet also helps improve internal coordination by facilitating customized tabletop simulations focused on "pressure-testing" an organization's incident response procedures and protocols. Each of these customer-facing services mentioned has been built and developed for the purpose of creating long-standing relationships that turn to Violet for guidance, referrals, questions, and future projects.
As a cybersecurity and privacy professor, Violet developed the entire curriculum for an innovative course on cybersecurity and privacy law for licensed attorneys working toward their LL.M. degree. The specific focus on litigation management has made Sullivan’s course and her lecture series uniquely valuable to experts across the United States.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Learn from cyber leaders on relevant, timely security topics. Reserve your spot today!