Conference Agenda
  • Tuesday, September 24, 2019
    9:00 am
    [SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: Harold Square

    The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the Framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report

    The class will help individuals and organizations acquire knowledge, skills, and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the instructor:

    • Larry Wilson has been the CISO for UMass President’s Office since 2009.
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
  • Wednesday, September 25, 2019
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:30 am
    Don't WannaDie: Using a Zero Trust Approach to Secure Healthcare
    AVP, Information Security, Interfaith Medical Center
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Grammercy Park

    A hospital falling victim to ransomware has become an all too frequent occurrence and one that everyone should be worried about. The WannaCry attack not only took out computer systems at many hospitals worldwide, but also demonstrated that ransomware had the ability to compromise medical devices, proving that ransomware and other cyber threats not only pose a risk to patient information but also to patient safety. These attacks gave a new and wholly unacceptable meaning to the term Denial of Service, and healthcare organizations need to take measures to protect their information systems and medical device deployments against such attacks.

    This session will demonstrate the need for zero trust by walking attendees through how to simulate a mass malware outbreak and will then discuss taking network segmentation to the next level and implementing a zero trust approach to security whereby every device on the network is restricted to just essential communications. The session will also provide an in depth description of the approach used to achieve zero trust in a multi-site medical center.

    8:30 am
    Mitigating Social Engineering Attacks: Knowledge Is Power
    Director, Information Risk Management, Verizon
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Sutton Place

    Too many of us have called end-users the weakest link in security, and this has been going on for a long time. Now, however, some security practitioners are challenging this concept and championing the user as the strongest link. It is a realization that our primary focus on technology can fall short because of the importance of the human element.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    Intentional Data Privacy: California Consumer Privacy Act
    Now is the time to prepare for changes required by California's new privacy law
    Attorney, Trusted Counsel
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Herold Square
    Michael will be giving away an Echo Show and Echo Dot during this breakout session!

    I. What intentional data privacy means
    II. Background and overview of CCPA
    III. Affected entities and applicability (assume your business must comply)
    IV. New consumer rights under the CCPA
    V. Noncompliance could be costly
    VI. Best practices for compliance (data, privacy notices and policies, consumer rights, third party service provider, systems training, and process)
    VII. CCPA readiness assessment program (data mapping, gap analysis, revised policies, ongoing privacy compliance plan etc…)

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE] Securing the Enterprise: Challenges and Trends in the Age of Fake News and Real Threats
    Director, Cyber Intelligence and Investigations, NYPD
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Enterprise information security vulnerabilities are being created at an accelerating pace by asymmetric migration paths along the route from traditional to cloud-native architectures. As we look to the next five years, this dynamic, and the closely related issues around third-party risk, raise significant risks to enterprises across a range of industries. This keynote will set forth some high-level mitigation strategies.

    As enterprise grapples with uneven migration to a cloud-native model, government computing resources are being stretched dangerously thin by a failure to embrace cloud, the Internet of Things, and interconnectivity in a serious way, and are threatened by legacy zero-sum budgetary decisions that have proved disastrous for cities large and small. Local and county governments are particularly challenged as tactical pocket purchases are driving the bus despite an absence of cogent information technology strategies. The result has been the creation of significant vulnerabilities in systems that have grown far more interconnected than ever planned. This keynote will mention some initiatives New York City has taken on to combat these issues, highlighting innovative and effective partnerships. Initiatives include Cyber Critical Services and Infrastructure (CCSI); NYC Cyber Command; and an intensive focus by the NYPD and its law enforcement partners on shoring up its efforts against cyber native and cyber enabled crime.

    Finally, it’s not just local and county governments – states and the US Federal government are faced with very tough choices as nation-state actors continue to show interest in, at a minimum, probing, if not interfering with, US systems. It’s a great time to be in the cyber security business!

    10:30 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:30 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Gaps in the Cybersecurity Workforce
    Director, Audit and Compliance, CipherTechs, Inc.
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: VIP Skylounge
    11:15 am
    [Trend Micro] Automate Prevention, Detection and Response in the Cloud
    Lead Cybersecurity Consultant, Trend Micro
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Sutton Place

    Today’s advanced threats are designed to bypass traditional cybersecurity defenses and compromise sensitive corporate data. Technologies such as EDR and MDR, paired with the MITRE ATT&CK knowledge base, allow organizations to go beyond traditional anti-malware testing and never fall a step behind evolving threat actors. Join us for a high-level beginner talk that will be hosted by Tim Miller, Sales Engineer at Trend Micro.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    [OneTrust] CCPA: 5-Step Guide to California Consumer Privacy Act Compliance
    Solutions Engineer, OneTrust
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Grammercy Park
    With the clock ticking down until the California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020, many companies are struggling to understand the sweeping new privacy law, its impact on the business, and how to manage compliance across a matrix of global privacy laws. While there are still amendments to be settled before 2020, there are several key ways to get ready for the CCPA’s privacy governance and consumer rights requirements. In this session, we’ll outline what this new law means for your business, detail what changes to expect to see before it’s put into effect, and lay out a 5-step guide to demonstrating ongoing compliance with the CCPA. We’ll also share findings from research conducted with the International Association of Privacy Professionals (IAPP) on how ready (or not) businesses are for the CCPA, what factors are driving compliance, and how the GDPR fits into CCPA readiness.

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    11:15 am
    [Avanan] How Hackers Bypass Email Security: An Attack Guide for the Uninitiated
    Co-Founder & Chief Privacy Officer, Avanan
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Herold Square

    The scale of email migration to the cloud requires a strategic shift in security for collaboration suites. The Office 365 inbox and user credentials are the #1 target for hackers. 90% of breaches start with email, and the security incident orchestration, automation and response workload drains resources from the SOC team. Sharing insights from research, Michael will demonstrate the techniques attackers use to bypass Microsoft’s defenses, fool filters, and launch attacks.
    We will discuss how CISOs have started to adopt a continuous adaptive risk and trust assessment mindset to protect inboxes from the evolving threats including phishing, account takeover and business email compromise.

    12:15 pm
    Zero to 60: Making Security Programmatic and Cultural at Princeton University
    CISO, Princeton University
    Information Security Awareness and Training Program Manager, Princeton University
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Join members of Princeton University’s Information Security Office as they discuss their mission, focus, and critical successes. Princeton’s multi-year program has already made an impact on the campus’s security mindset, including risk reduction, implementing new technologies, broadening security knowledge, and strengthening campus partnerships. From position papers, a secure password manager, and a creative awareness model, find out how this Ivy League institution went from zero to 60. Learn about Princeton’s approach to making security thinking both programmatic and cultural, and learn about ideas you can apply to your own organization.

    Presentation level: MANAGERIAL (security and business leaders)

    1:15 pm
    Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Sutton Place

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Jeff Miller, Arctic Wolf
    Eddie Doyle, Check Point Security
    John Linzy, Bitdefender
    Roman Garber, Security Innovation
    Moderator: Julian Cohen, CISO, Tagomi

    1:15 pm
    Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Grammercy Park

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Michael Landewe, Avanan
    Denis Calderone, TBG Security
    Ross Dyer, Trend Micro
    Marija Strazdas, Alert Logic
    Moderator: Sandy Bacik, Bacik Enterprises

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Networking Break — Dash for Prizes and CyberHunt winners announced
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.

    3:00 pm
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sutton Place

    The U.S. legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever-evolving and changing technologies. In the past year, state and federal regulatory changes have altered the legal and compliance obligations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placing more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the state and federal level, and discuss how companies should prepare to meet these evolving obligations.

    3:00 pm
    What Type of Security Assessment Is Best for Your Environment: Risk, Gap, Vulnerability, Penetration, or Audit?
    Director, Audit and Compliance, CipherTechs, Inc.
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Grammercy Park

    Many new regulations are requiring security assessments and testing to be performed within the organization's operational environment. Today’s budgetary constraints are requiring organizations to be effective and efficient in determining workload and external engagements. This session will walk through different types of security assessments and tests. We will present tips on which is best for your environment and when, along with value-added engagement features to assist in selecting the proper external vendor to perform the work. Once the assessment is performed, the organization will then need to prioritize the results to ensure remediations are implemented properly and completely to limit the risk to the enterprise assets.

    What you will learn:

    • What are the types of security reviews and tests, and what can they encompass
    • How to define an engagement
    • Working with internal staff and external partners
    • Getting the most out of the findings and recommendations
    • Gotchas
    3:00 pm
    Things We Should Be Aware of Before Adopting SDP (Software Defined Perimeter)
    Director, Security Architecture, Bank of Montreal
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Herold Square

    Software Defined Perimeter (SDP) is the new buzzword, and indeed it brings a lot of cost savings, operational simplicity, and significant security benefits over traditional VPN solutions. But is it that easy? Is there any hidden thing or preparatory need that is not highlighted by the vendors? Is there any crack that we are opening by turning on SDP? This presentation will cover the caution and preparations needed for getting the secure and full benefits of SDP.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

Exhibitors
  • 1TOUCH.io
    Booth: 212

    1TOUCH.io is a purpose-built security solution for sensitive data management, whether you are dealing with data governance and security, operationalizing GDPR, or need to address CCPA with an automated process around SRR. 1TOUCH.io helps companies know and reduce their privacy and security risk by automatically discovering unknown uses of sensitive data. Unlike other solutions, 1TOUCH.io’s network-analytics approach ensures you don’t have to know where to look for your sensitive data; we find it for you. For more information, visit https://1touch.io or follow on https://www.linkedin.com/company/1touch-io.

  • Alert Logic
    Booth: 210

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Arctic Wolf Networks
    Booth: 208

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Avanan
    Booth: 500

    Avanan: Email Security—Reinvented.

    Avanan catches the advanced phishing attacks that evade default and advanced security. The invisible, multi-layered solution enables full-suite protection for cloud collaboration software such as Office 365™, G-Suite™, and Slack™. Deploying in one click via API, the platform prevents Business Email Compromise and blocks phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for legacy solutions like Secure Email Gateways and Cloud Access Security Brokers with a patented solution that goes far beyond any other Cloud Email Security Supplement.

  • Bitdefender
    Booth: 204

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Check Point Software Technologies
    Booth: 214

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cobalt
    Booth: 310

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • Code42
    Booth: 300

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Comodo Cybersecurity
    Booth: 104

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • CREST
    Booth:

    CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.

  • Critical Infrastructure Association of America (CIAOA)
    Booth:
    The Critical Infrastructure Association of America, Inc. (CIAOA) is a 501(c)6 not for profit shining lights into the dark places of security.

    Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.  The nation’s critical infrastructure provides the essential services that underpin American society.

    In order to succeed in our mission we need to:

    • Facilitate a secure technology member and provider marketplace.
    • Increase awareness and education across the ecosystem.
    • Promote innovation at the edge of the network to prevent, detect, and mitigate automated and targeted attacks.
    • Collaborate with technical communities domestically and globally.
  • Darktrace
    Booth: 218

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • DeSales University Cyber Security Program
    Booth: 306

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Egnyte
    Booth: 312

    Egnyte is the only secure content platform that is designed specifically for business. Egnyte provides teams with secure file sharing capability and access to content delivered at hyper-speed, regardless of file size, location, device or bandwidth.  More than 15,000 of the world’s most demanding and regulated businesses in more than 120 countries around the globe trust Egnyte to manage their content on the cloud.

  • Fidelis Cybersecurity
    Booth: 108

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

    By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

  • FireMon
    Booth: 110

    FireMon is the only agile network security policy platform for hybrid cloud enterprises. FireMon delivers persistent network security for multi-cloud environments through a powerful fusion of real-time asset visibility, compliance and automation. Since creating the first-ever network security policy management solution, FireMon has delivered command and control over complex network security infrastructures for more than 1,700 customers located in nearly 70 countries around the world. For more information, visit www.firemon.com.

  • InfraGard New York Metro
    Booth:

    The New York City Metro InfraGard Members Alliance (NYM-IMA) is a local program of the INMA. The New York Metro InfraGard Chapter holds regular meetings and provides members with a forum for information sharing within a secure environment, while focusing on protecting the critical infrastructure of New York City and surrounding areas.

    Members of the alliance are part of a national network of FBI-vetted volunteers who are critical infrastructure SMEs in one or more sectors. It provides a trusted forum for the real-time exchange of information, training and expertise related to the protection of critical infrastructure and key resources from both physical and cyber threats.

  • ISACA New York Metropolitan Chapter
    Booth:

    Our Mission: As a leading ISACA chapter, our mission is to serve our membership by providing world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally. Today, ISACA is a worldwide organization with over 200 chapters and the New York Metropolitan Chapter has grown to be one of the largest ISACA chapters in the world.

    Our Membership: The New York Metropolitan Chapter has over 3,800 members, from the information systems audit/assurance, information security, IT risk management, and governance professions. Our members represent a wide array of industries including financial services, accounting and consulting, legal services, education, entertainment, health care, retail, public utilities, and government/regulatory entities – and hold positions ranging from entry level staff to senior management.

  • ISC2 New York
    Booth:

    ISC2 is based out of Palm Harbor, Florida and consists of over 80,000 members worldwide. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep our members informed of the latest advances in technology and techniques.

    Membership
    Our members consist of ISC2 credentialed professionals who hold an SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area. Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats. To learn more about the benefits of becoming a Chapter Member, visit our Membership page.

  • Ixia, a Keysight Business
    Booth: 106

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: 302

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata from endpoints and servers before it’s encrypted, with machine learning analysis identifying behavioral pattern changes. Alarms are raised for events that require attention, and response time is swift with native platform actions.

  • OneTrust
    Booth: 200

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • OWASP – New York City
    Booth:

    OWASP Foundation is a 501(c)3 Not for Profit association with local and global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

  • PKA Technologies, Inc.
    Booth: 108

    PKA Technologies, a certified woman-owned business, has been supplying IT Solutions, products and services for organizations across diverse business sectors since 1996. Fortune 50 companies, K12/Higher Education, small-midsize businesses, and Government Agencies turn to PKA for Enterprise-Class Solutions. PKA has strong alliances with Hewlett-Packard Enterprise and other industry leaders, and is committed to customer service and clients’ success.

  • Security Innovation
    Booth: 400

    For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.

  • Sonatype
    Booth: 304

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.

  • Spirent Communications
    Booth: 314

    As a leader in test, measurement, assurance, and security solutions for next-generation devices and networks, Spirent empowers cyber security champions to tame the complexity of balancing security with high availability business demands. We provide expert guidance and methodologies to help our customers find clarity in the face of complexity, overcome the challenges of a fast-approaching future, and ultimately deliver on their promise to their own customers.

  • TBG Security
    Booth: 100

    TBG Security is your trusted advisor when it comes to cybersecurity. We have been providing risk management solutions since 2003 to ensure your business is minimizing uncertainty in an increasingly hostile information environment. Whatever the IT security goal, TBG Security’s Information Security Advisors work with you to determine your requirements and tailor a straightforward plan of action to improve your organization’s overall security posture. Our continuous commitment to new technologies and decades of threat avoidance experience make us the first choice of Fortune 1000 companies for cybersecurity consulting services.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales
    Booth: 216

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • Trend Micro
    Booth: 102

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Zscaler
    Booth: 206

    Zscaler’s Cloud-delivered security solution provides policy-based secure internet access for any employee, on any device, anywhere. Our proxy and scanning scalability ensures ultra-low latency in a 100% SaaS security solution requiring no hardware, software or desktop all while providing complete control over security, policy and DLP.

Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Programs, and Third-Party Risk Programs.

  • Christopher Frenz
    AVP, Information Security, Interfaith Medical Center

    Christopher Frenz is the AVP of Information Security for Interfaith Medical Center, where he worked to develop the hospital’s information security program and infrastructure. Under his leadership, the hospital has been one of the first in the country to embrace a zero trust model for network security. Christopher has also played a role in pushing for the adoption of improved security standards within hospitals and is the author of the OWASP Secure Medical Device Deployment Standard as well as the OWASP Anti-Ransomware Guide. Christopher has been recognized as a Rising Star amongst healthcare executives and also a top healthcare IT leader by Becker’s Hospital Review. He has also been recognized as a top healthcare IT leader by Health Data Management. Christopher’s security expertise has been highlighted in The Financial Times, CSO Magazine, SC Magazine and many other publications. Christopher shares his expertise at conferences around the world including presentations at VMworld, ASIS GSX, Defcon, HIMSS, and many others. He is also the author of the computer programming books “Pro Perl Parsing” and “Visual Basic and Visual Basic .NET for Scientists and Engineers.”

  • Rod Aday, Moderator
    Director, Information Risk Management, Verizon

    Rod Aday is an experienced security professional with many years of experience in information security/cybersecurity, business continuity, operational risk and information technology. As a CISO in the financial services sector, Rod has built Information Security and Business Continuity Programs from the ground up at three different financial institutions, bringing their cybersecurity maturity to the level appropriate for each institution’s risk profile and in line with regulatory guidance. He was formerly the CISO, Head of Operational Risk and Information Security, for Dexia Credit Local, NY Branch. Rod holds a CISSP certification as well as the concentrations CISSP-ISSAP and CISSP-ISSMP. He is currently pursuing his Masters in Information Security with the University of London, International program.

  • Michael Jones
    Attorney, Trusted Counsel

    Michael is a corporate attorney with a strong background in intellectual property and business-oriented technology. As an Attorney with Trusted Counsel, Michael handles licensing and commercial agreement issues. He advises clients on IP and technology licensing, outsourcing and services agreements. He is responsible for negotiating complex technology transactions involving software licensing, data analytics services, cloud hosting services, R&D, data privacy and data security. He also manages a large volume and variety of other transactions, negotiates standard and complex corporate and commercial agreements, and balances legal and business risks for clients. He is currently spearheading Trusted Counsel's initiative to help its clients understand and comply with the European Union's GDPR and other recent privacy developments. He helps them to understand and map the data flowing in and out of their organizations, and then guides them through the process of updating their internal and external privacy policies, online terms and other third party agreements. Michael is a very seasoned attorney with 14 years of experience in the legal profession. Most recently, he served as Associate General Counsel in the Technology, Intellectual Property & Strategic Sourcing Group at New York Life Insurance Company, where he negotiated and drafted strategic and tactical technology agreements with all major suppliers as well as other related services agreements and routinely advised internal clients on technology- and privacy-related issues. He also served as the Legal Officer and Secretary of the New York Life Foundation. Prior to that, he was an Associate at a number of New York firms, among them Loeb & Loeb LLP; Patterson Belknap Webb & Tyler LLP; and Skadden, Arps, Slate, Meagher & Flom LLP. Michael graduated from Emory University with a B.A. in classics and French, followed by a Master of Arts degree in classical philology as well as Master of Philosophy and Doctor of Philosophy degrees from Yale University. He then earned his J.D. from Emory University.

  • Nick Selby
    Director, Cyber Intelligence and Investigations, NYPD

    Nick is the Director of Cyber Intelligence and Investigations for the New York City Police Department. He serves the NYPD's Intelligence Bureau, helping advise the strategy and policies that govern how the Bureau assesses and manages investigations and intelligence in the Cyber domain. For nearly a decade Nick has served the public as a Texas police officer and detective investigating Internet crimes against children. He created an intelligence sharing system connecting more than 1100 regional investigators, produced law enforcement intelligence conferences, and created technologies that helped law enforcement agencies and officers become more efficient and effective. In the private sector, as Chief Information Security Officer, and as a strategic information security consultant for Bishop Fox, CJX, Inc., and Secure Ideas, Nick has provided leadership in the creation and security architecture of traditional and cloud computing environments in the financial services, manufacturing, publishing, retail, and entertainment verticals. He is author or co-author of several books, including "Cyber Survival Manual: From Identity Theft to The Digital Apocalypse and Everything in Between" (2017, Weldon Owen); "In Context: Understanding Police Killings" (2016, Contextual Press/Calibre Press); "Blackhatonomics: An Inside Look at the Economics of Cybercrime" (Syngress, 2012), and was technical editor of "Investigating Internet Crimes" (Syngress, 2013).

  • Sandy Bacik
    Director, Audit and Compliance, CipherTechs, Inc.

    Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, CipherTechs’ Director, Audit & Compliance, has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management, and is a former CISO, with an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.

  • Tim Miller
    Lead Cybersecurity Consultant, Trend Micro

    Tim has over 10 years’ experience in Information Security and 33 years working with computer technology. His career began with the Apple IIe in his first computer class and continued through earning his master’s degree in Network Communications Management. Tim has been with Trend Micro for three years, and his experience in Information Security includes Endpoint Protection, CEH (Certified Ethical Hacker), risk assessments, Endpoint Detection and Response, IDS/IPS, malware prevention, and teaching others about threats.

  • Doug Boykin
    Solutions Engineer, OneTrust

    Doug Boykin serves as a Privacy Engineer at OneTrust – the #1 most widely used privacy, security and third-party risk technology platform. In his role, Boykin advises many of the world's leading organizations on CCPA, GDPR and ePrivacy (Cookie Law) solution implementations, focused on formulating efficient and effective responses to data protection requirements as well as building and scaling global privacy programs.
    With over eight years of professional technology experience, Boykin's background combines extensive cross-functional solution implementations, as well as program management and business process design. Boykin is a Certified Information Privacy Professional (CIPP/E, CIPM) and earned a B.S. in Info Systems from Kennesaw State University. He's a National Science Foundation Scholar and member of the Technology Association of Georgia.

  • Michael Landewe
    Co-Founder & Chief Privacy Officer, Avanan

    Before cofounding Avanan in 2014, Michael Landewe had over 20 years of internet startup experience, starting with cofounding an ISP in 1996. He was an early employee of Network Physics, an internet traffic performance company that was one of the first technology companies to develop detection response for the Blaster worm. As a research engineer at ForeScout Technologies, he was part of the team that transitioned the company from intrusion prevention and worm protection to network access control and insider threat defense. Michael currently serves as Avanan's Chief Privacy Officer and head of business development.

  • David Sherry
    CISO, Princeton University

    David Sherry is the CISO at Princeton University, with university-wide responsibility and authority regarding matters of information security and information risk. He is tasked with the development and maintenance of Princeton's information security strategy, policies and best practices, security training and awareness programs, as well as ongoing risk assessment and compliance tasks. David came to Princeton in 2016 with over 20 years of experience in information technology across several verticals. David sits on a number of committees that fall under the EDUCAUSE Higher Education Information Security Council, and is a faculty member for the Educause Management Institute.

  • Tara Schaufler
    Information Security Awareness and Training Program Manager, Princeton University

    Tara Schaufler is the Information Security Awareness and Training Program Manager at Princeton University. Tara has worked at Princeton for 17 years, spending the last 10 focusing on training and technical communications, and over the past five years has built a robust security awareness and training program from the ground up. She is a member of the Educause Higher Education Information Security Council Awareness and Training Working Group and a frequent speaker at Educause events. Tara is CompTIA Security+ certified and is a Certified Professional in Accessibility Core Competencies (CPACC). She also holds a Bachelor of Arts degree in the social sciences from Thomas Edison State University and a Master of Administrative Science degree from Fairleigh Dickinson University.

  • Panel Discussion

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Parthasarathi Chakraborty
    Director, Security Architecture, Bank of Montreal

    Partha has over 20 years of cyber security leadership experience in the financial services industry. He is an active speaker and panelist at cyber security conferences around the world, and is passionate about learning new technologies and writing on recent cyber trends. He currently heads up infrastructure security architecture for Bank of Montreal. Prior to BMO, Partha held executive leadership roles with Merrill Lynch, Bank of America, JP Morgan Chase & Guardian Life Insurance Company. He is a CISSP, CCSP, CEH, CHFI certified security evangelist holding a Bachelor's degree in engineering from NIT Rourkela, a Master's in Cyber Security from Western Governors University, another Master's in Technology Management from Columbia University, and a cyber security professional certificate from Stanford University. He is currently researching security challenges in the API, Microservices and Serverless space. Partha sits on Rutgers University's Cyber Security Advisory Board and on the board of visitors at New Jersey Institute of Technology's School of Science & Liberal Arts.
