googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Tuesday, November 14, 2023
    9:00 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: Brecht (4th floor)

     

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework is valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

  • Wednesday, November 15, 2023
    7:30 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    A People-Centric Approach to Breaking the Attack Chain
    • session level icon
    speaker photo
    President, ISSA NY Metro Chapter
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:50 am
    Location / Room: Lyceum

    The Cyber Attack Chain is a well-known tenet of cybersecurity professionals. However, breaking the chain can be fraught with complexities and confusion between policies, tactics, controls and solutions. This talk will unravel some of the complexities of breaking the attack chain, specifically focusing on two areas: insider threats and information protection.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    • session level icon
    The State of Cybersecurity in 2023: The Good, the Bad, and the Unknown
    speaker photo
    Executive Director, Americas Region, CREST
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:50 am
    Location / Room: Imperial

    The bad actors are getting more sophisticated. A new “hybrid war” landscape thanks to the Ukraine-Russia war and now the Israel-Hamas war. Current and developing vectors for attacks: BEC, malware, phishing, DDoS, spyware, ransomware, and more.

    Join this VIP roundtable breakfast for SecureWorld New York City Advisory Council members to rub elbows and commiserate with CISO peers and invited guests to share ideas, best practices, and lessons learned in the fight to keep the public and private sectors safe from cybercrime. And let’s not forget the challenge of filling the cybersecurity talent pipeline.

    9:00 am
    [Opening Keynote] Cyber World on Fire: A Look at Internet Security in Today’s Age of Conflict
    • session level icon
    speaker photo
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    This informative session analyses the growing threat of cyberattacks and risks to internet security in today’s world. Col. Leighton explores the various types of attacks and vectors, including how bad actors can impact businesses and individuals. The session also examines the role of governments and international organizations—partnering with public and private businesses—in protecting against cyber threats.

    Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees.

    He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.

    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    Guardians of the Vault: Cybersecurity Strategies from Financial Sector Leaders
    • session level icon
    speaker photo
    Director, Cyber Administration, BlackRock
    speaker photo
    SVP & CISO, Pendulum Holdings, LLC
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am
    Location / Room: Alvin/Carnegie
    Delve into the realm of financial cybersecurity as industry leaders take the stage in to share their cutting-edge strategies for threat intelligence and best practices employed to safeguard sensitive data, fortify defenses, and stay steps ahead of cyber threats in a modern world.
    10:15 am
    Securing the Supply Chain
    • session level icon
    speaker photo
    Head of Information and Cyber Risk, Santander Capital Markets
    Registration Level:
    • session level iconConference Pass
    10:15 am - 11:00 am
    Location / Room: Lyceum

    The global supply chain is increasingly complex and interconnected, and this has created new opportunities for cybercriminals. This session covers the latest threats to the supply chain and how organizations can protect themselves, including:

    • The most common supply chain attacks
    • How to identify and assess supply chain risks
    • Strategies for mitigating supply chain risks
    • Case studies of organizations that have been hit by supply chain attacks and how they responded

    We will also discuss the role of governments and industry in securing the supply chain.

    10:15 am
    Generative AI in Cloud Security - Security Impacts of Artificial Intelligence
    • session level icon
    speaker photo
    Americas Field CISO Director, SentinelOne
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:00 am
    Location / Room: Edison

    Delve into the transformative power of AI in the cloud and its wide-ranging cybersecurity implications. It introduces the contributions of Generative AI tools and Large Language Models (LLM) to the AI revolution. We examine how AI automation streamlines routine tasks and enables data analysis at scale, leading to improved user experiences and the emergence of new services and business models. We also discuss the crucial aspect of AI-enhanced security defenses and the potential risks posed by AI-based attacks. We emphasize the importance of the human element in shaping AI systems and peer into the future concern and potential of AI.

    11:00 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    Lean on Me: Effective Interdepartmental Communication in Modern Times
    • session level icon
    speaker photo
    Cybersecurity Director, Gannett Fleming
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am
    Location / Room: Edison

    It is now more important than ever for security professionals to communicate effectively with team members and business stakeholders at all levels, both in-person and virtually. Interdepartmental communication and collaboration can increase compliance and maintain a safe and secure organization. This session focuses on fostering effective communication and collaboration across various departments within the organization.

    11:10 am
    Modern Authentication Solutions and Challenges
    • session level icon
    speaker photo
    CISO, SVP of IT Operations and Infrastructure, OTC Markets Group Inc.
    speaker photo
    Head of Information Security, CTBC Bank New York Branch
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:55 am
    Location / Room: Lyceum

    Large tech companies are embracing the FIDO2 alliance and passkeys to remove passwords and replace legacy MFA solutions.  Should you as well?

    In this session we will discuss the following topics:

    • What are passkeys and how are they being adopted for consumer and enterprise applications
    • What are the differences between Synced and Hardware-bound passkeys
    • How to choose the right passkey solution for consumer vs enterprise applications
    • What are some of the concerns with utilizing Synced passkeys in the enterprise
    11:10 am
    [Panel] Symphony of Cyber Defense: Confronting the Crescendo of Threats in the Digital Orchestra
    • session level icon
    Identifying the Current Threat Landscape
    speaker photo
    Vice President of Security & CISO, Drata
    speaker photo
    Director of Solution Architects, Aqua Security
    speaker photo
    Business Development Manager, SSH Communications Security
    speaker photo
    Director, Channel & Sales Engineering, WithSecure
    speaker photo
    Sr. Engineer, Strategic Product Intelligence, Palo Alto Networks
    speaker photo
    CISO, New York State Department of Education
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:55 am
    Location / Room: Alvin/Carnegie

    In the ever-changing symphony of the cyber realm, a cacophony of threats echoes throughout. Ranging from ransomware to data breaches, phishing, and intricate APTs, the orchestra of cyber threats grows in complexity. Emerging risks like IoT, cloud computing’s unpredictability, AI’s deceptiveness, and cryptocurrency add new layers to our musical security tapestry.

    Threat actors—wielding exploit kits and Zero-Day vulnerabilities—orchestrate their attacks, preying on human vulnerabilities in perfect synchronization with state-sponsored cyber operations. To counter this threat, collaboration is essential. Proactive security practices, training cadences, and threat intelligence sharing must happen. The interplay of public and private sectors is key to a resilient digital effort.

    Let us march to the beat of constant vigilance, adaptability, and investment in a fortified infrastructure. Together, we will compose a symphony of cybersecurity, safeguarding the digital soundscape and ensuring a melodious future.

    12:00 pm
    [Lunch Keynote] The Modern SOC, Reimagined: Hear the Future and Fight Tech with Tech
    • session level icon
    speaker photo
    Sr. Engineer, Strategic Product Intelligence, Palo Alto Networks
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    Modern applications, workloads, and microservices are generating vast amounts of data faster than most security operations centers (SOCs) can adapt. And security teams operating on a legacy SOC model can spend hours—even days—triaging a single threat event. How can SOC teams outpace modern threats? By fighting technology with technology and leaning into AI to augment analysts, SOC teams can amp up their defenses and focus on more critical issues.So, what’s next for the SOC? Join this keynote with Chris Tillett, SecOps Transformation Advisor, as he discusses today’s advanced adversaries and shares expert views on how SOC teams must adapt to cope with a flood of disconnected data.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Remaining Resilient and Identifying the Next Transformation Facing Cybersecurity Professionals
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: Imperial

    Join this invitation-only meeting for SecureWorld New York Advisory Council members to discuss:

    • The next transformation that is going to “bite cybersecurity professionals in the @ss” and the shifts to take note of in the cybersecurity landscape
    • What transformations are coming in the next 5-10 years that cybersecurity professionals, and business leaders in general, should be thinking about
    • Resilience. How do we stress the importance of resilience when it comes to data centers?
    • What keeps cybersecurity professionals like you up at night is what you can’t even imagine is coming next.

    Come prepared to add to the discussion. The more voices, the better.

    12:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Fireside Chat with Sara Ricci: Understanding Resilience to Improve Board-Level Security Conversations
    • session level icon
    speaker photo
    Information Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)
    speaker photo
    VP, Identity & Access Management for Global Information Security & Compliance, AIG
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm
    Location / Room: Edison

    Cybersecurity and business disruption are both enterprise-level risks and getting board scrutiny and attention. Why is there increasing focus on resilience?

    Although we often have good cyber Incident Response plans and even real-time monitoring of threats in the CISO’s domain, we find that the holistic handling of an IT disaster (may be caused by a cyber incident, human error, malfunction, or natural disaster) that then disrupts the business is often lacking and response takes place in silos. The linkages and handoffs are often not understood, as they are not documented and there is not a good understanding how a disruption impacts the business and its customers. What does the board need to know?

    The key takeaway will be understanding the concept of resilience and how it can further the conversation about security at the board level.

    1:15 pm
    The New World Order for CISOs: Privacy, the SEC, and Accountability
    • session level icon
    speaker photo
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm
    Location / Room: Lyceum

    As CISOs become increasingly accountable for their organization’s cybersecurity posture, they must also be mindful of the ever-changing regulatory landscape. One area of particular concern is the intersection of privacy, the SEC, and accountability.

    In this session, we will discuss the following topics:

    • The SEC’s recent cybersecurity regulatory actions and their implications for CISOs
    • The growing importance of privacy in the cybersecurity landscape
    • How CISOs can balance the need to protect privacy with the need to comply with SEC regulations
    • Strategies for CISOs to demonstrate accountability for their organization’s cybersecurity posture
    1:15 pm
    [Panel] Cloud Sonata: Orchestrating Security in the Digital Sky
    • session level icon
    Securing Your Cloud Environment
    speaker photo
    Sr. Director of Solutions, SecureAuth
    speaker photo
    Solutions Engineer, Outshift by Cisco
    speaker photo
    Senior Solutions Engineer, Okta
    speaker photo
    Director, Infrastructure Security, AccessIT Group
    speaker photo
    Enterprise Sales Engineering Manager, Rubrik
    speaker photo
    CISO, Diligent Corporation
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Alvin/Carnegie

    In the symphony of modern cybersecurity, the cloud environment plays a key role as both a conductor of efficiency and a source of potential vulnerabilities. As organizations increasingly embrace the cloud to unlock agility and scalability, it is crucial to harmonize the protective measures that safeguard these virtual landscapes.

    This panel discussion delves into the intricate nuances of securing cloud environments. These experts will share their orchestration of robust security frameworks, best practices, and cutting-edge technologies that fortify the digital sky against threats. From encryption and access controls to identity management and incident response, they will explore the melodies of defense that resonate within the cloud and how they can impact any organization.

    2:15 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 2:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:30 pm
    Back to the Future: Hot Takes and Rediscovering Cybersecurity Basics
    • session level icon
    speaker photo
    CISO, KnitWell Group
    Registration Level:
    • session level iconConference Pass
    2:30 pm - 3:15 pm
    Location / Room: Alvin/Carnegie

    With all the discussion about the future of cybersecurity and the advent of Artificial Intelligence (AI), it’s time to go “Back to the Future” and rediscover our cybersecurity roots. This session will explore the “Top 5 Basics of Cybersecurity” to ensure you cyber-proof your organization. We’ll also chat through why these basics are still important even as AI evolves in both popularity and usage. Live audience Q&A is welcomed to discuss “hot takes” and lead to thoughtful conversation.

    2:30 pm
    Phishing Tricks and Zero Clicks: Tracking Mobile Threats
    • session level icon
    speaker photo
    Sr. Solutions Engineer, Lookout
    Registration Level:
    • session level iconConference Pass
    2:30 pm - 3:15 pm
    Location / Room: Lyceum

    From 0ktapus’s breaches of major organizations to NSO Group’s espionage of world leaders and civil society, mobile threats have captured credentials and headlines in the past year. While many still consider mobile devices an asset to be managed rather than an endpoint to be protected, recent attacks have proven that phones are ripe targets for exploitation. Join Lookout’s Director of Mobile Threat Intelligence as he dives into trends and reporting on such threats and provides insight into the company’s own intelligence on APT activity targeting this often overlooked vector.

    2:30 pm
    Cybersecurity in Real-Time: Anticipating Threats and Decoding Network Behavior
    • session level icon
    speaker photo
    Chief Evangelist, Team Cymru
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 3:15 pm
    Location / Room: Edison

    In the fast-evolving realm of cybersecurity, professionals must anticipate emerging threats while simultaneously addressing active ones. A proactive defense strategy is paramount, but so is the ability to quickly assess the impact of present threats. By leveraging NetFlow data analysis, they can preemptively counter threats, often before they go live, and efficiently differentiate between regular and malicious network activities. Specialized tools enhance this by uncovering hidden aspects of the IT landscape, fortifying both proactive and reactive defenses. This session explores three major challenges security operations teams face and how we effectively address them.

    3:15 pm
    Networking Break and Dash for Prizes
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    [Closing Keynote] Cybersecurity Fusion: Uniting Forces for Modern Digital Defense
    • session level icon
    speaker photo
    CISO, Americas, Louis Vuitton
    speaker photo
    Global CISO, OPKO Health, Inc.
    speaker photo
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 4:30 pm
    Location / Room: Keynote Theater

    Hear from local cybersecurity executives in an electrifying panel discussion on how industry leaders collaborate across sectors, academia, and organizations to tackle evolving cyber threats. You’ll gain valuable insights on innovative strategies, emerging technologies, and interdisciplinary approaches to reinforce digital defenses and protect against cyber risks for your organization. Open Q&A following discussion.

Exhibitors
  • AccessIT Group
    Booth: 175

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Aqua Security
    Booth: 130

    Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions, and cloud VMs.

  • CREST
    Booth: 280

    CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.

  • CybelAngel
    Booth: 270

    CybelAngel is a global leader in cybersecurity solutions focused on External Attack Surface Protection and Management. As an early pioneer in ‘outside-in’ search technology, approaching cybersecurity just as an attacker would carry out infiltration, CybelAngel has developed the industry’s most extensive defense for external attack vectors, where the majority of cyber-attacks are initiated. Combining expanded discovery and analysis, CybelAngel finds unknown assets and exposures to preemptively diffuse attack vectors that cyber criminals use to breach systems and wreak havoc.

    CybelAngel proudly protects some of the largest global enterprises representing various sectors including the Pharmaceutical, Manufacturing, Retail, and Financial Services. CybelAngel’s Xtended External Attack Surface Management (EASMX) is the only solution comprehensive enough to protect an enterprise’s entire external attack surface, regardless of where assets reside.

  • Drata
    Booth: 125

    Replace manual GRC efforts, reduce costs, and save time preparing for audits and maintaining compliance. Drata is the world’s most advanced security and compliance automation platform with the mission to help companies earn and keep the trust of their users, customers, partners, and prospects. We help thousands of companies streamline compliance for SOC 2, ISO 27001, HIPAA, GDPR, your own custom frameworks, and many more through continuous, automated control monitoring and evidence collection. Drata is backed by ICONIQ Growth, Alkeon, Salesforce Ventures, GGV Capital, Okta Ventures, SVCI (Silicon Valley CISO Investments), Cowboy Ventures, Leaders Fund, Basis Set Ventures, SV Angel, and many key industry leaders. Drata is based in San Diego, CA with team members across the globe.

  • Ekran System
    Booth: 135

    Ekran System® insider threat protection platform is a powerful software solution to help security teams with such tasks as employee activity control, third-party vendor control, and incident investigation. This agent-based platform delivers essential functionality of granular access control, identity management, and detailed activity monitoring via lightweight software agents installed on desktops, servers, and jump servers.

    Ekran System platform supports any network architecture, virtual and physical infrastructures, and the broadest operating system set on the market.

  • Endace
    Booth: 250

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Envision Technology Advisors
    Booth: 295

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • InfraGard NJ
    Booth: TBD

    InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s vetted membership includes: business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security.  InfraGard NJ is a nonprofit 501(c)3 organization comprised of members across NJ.

  • InfraGard New York Metro
    Booth: TBD

    The New York City Metro InfraGard Members Alliance (NYM-IMA) is a local program of the INMA. The New York Metro InfraGard Chapter holds regular meetings and provides members with a forum for information sharing within a secure environment, while focusing on protecting the critical infrastructure of New York City and surrounding areas.

    Member’s alliance are part of a national network of FBI-vetted volunteers who are critical infrastructure SME in one or more sectors. It provides a trusted forum for the real-time exchange of information, training and expertise related to the protection of critical infrastructure and key resources from both physical and cyber threats.

  • ISACA New York Metropolitan Chapter
    Booth: 285

    Our Mission: As a leading ISACA chapter, our mission is to serve our membership by providing world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally. Today, ISACA is a worldwide organization with over 200 chapters and the New York Metropolitan Chapter has grown to be one of the largest ISACA chapters in the world.

    Our Membership: The New York Metropolitan Chapter has over 3,800 members, from the information systems audit/assurance, information security, IT risk management, and governance professions. Our members represent a wide array of industries including financial services, accounting and consulting, legal services, education, entertainment, health care, retail, public utilities, and government/regulatory entities – and hold positions ranging from entry level staff to senior management.

  • Keysight
    Booth: 225

    Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems;  patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.

  • LogRhythm
    Booth: 140

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Lookout
    Booth: 160

    Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.

  • Okta
    Booth: 115

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Outshift by Cisco
    Booth: 190

    Outshift by Cisco is the incubation engine for Cisco’s emerging technologies exploring innovation in cloud native development, AI/ML, API security, observability, network automation, and more.

    Backed by Cisco’s unrivaled portfolio of end-to-end security solutions, Panoptica offers a differentiated experience for complete code to cloud security coverage.

    Panoptica is Outshift by Cisco’s cloud native application security solution. It secures modern applications and workloads to ensure end-to-end security and compliance in multicloud environments. Utilizing advanced visual contextual insights along attack paths, Panoptica boosts visibility, accurately prioritizes risks, and offers actionable remediation guidance, securing your entire cloud application stack.

  • OWASP – New York City
    Booth: 290

    OWASP Foundation is a 501(c)3 Not for Profit association with local and global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

  • Palo Alto Networks
    Booth: 155

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

  • Ping Identity + MajorKey Technologies
    Booth: 275

    Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences.

    MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP. We provide Advisory, Integration, and Managed Services for Identity and Access Management, Application Deployment and Security, Data Security and Governance, and Cloud Security. Delivering at the speed of business to protect our client’s identities, apps, data, and systems without hampering their agility. For more information, go to majorkeytech.com.

  • Probely
    Booth: 215

    Probely is the premier cloud-based application security testing solution designed to empower Security and DevOps teams working efficiently together on a DevSecOps approach built to reduce risk across web applications and RESTful APIs.

    Probely empowers Security and DevOps or Development teams to work together to secure their web applications and APIs. Our goal is to narrow the gap between development, security, and operations by making security an intrinsic characteristic of web applications development life-cycle.

    With over 30,000 vulnerabilities detection capabilities, including SQLi, XSS, Log4j, OS Command Injection, and SSL/TLS issues, Probely reports vulnerabilities that matter, is false-positive free, and includes detailed instructions on fixing them.

  • Rubrik
    Booth: 150

    Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

  • Saviynt
    Booth: 240

    Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. The company brings together identity governance (IGA), granular application access, cloud security, and privileged access to secure the entire business ecosystem and provide a frictionless user experience.

  • SecureAuth
    Booth: 235

    SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogenous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.

  • SentinelOne
    Booth: 100

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • SSH Communications Security
    Booth: 265

    As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com

  • Synopsys
    Booth: 220

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Team Cymru
    Booth: 165

    Team Cymru’s mission is to save and improve human lives.  We are unrivalled across three disciplines; digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.

    Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.

    Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.

    Since 2005, our reputation remains unchallenged.

  • ThreatLocker
    Booth: 195

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • UnderDefense
    Booth: 180

    UnderDefense is a leading global cybersecurity company widely recognized by industry experts, such as Gartner and Clutch. The perfect combination of our expertise and sophisticated technologies allows us to predict, detect, and respond to the most advanced & aggressive cyber threats.

  • WithSecure
    Booth: 110

    WithSecure™ (formerly F-Secure Business) is cybersecurity’s reliable partner. IT service providers, MSSPs and businesses—along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers—trust us for outcome-based cybersecurity that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. WithSecure™ is part of F-Secure Corporation, founded in 1988, and listed on NASDAQ OMX Helsinki Ltd.

  • WiCyS NY York Metro Affiliate
    Booth: 210
  • ZeroFox
    Booth: 120

    Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.

    Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    John C. Checco
    President, ISSA NY Metro Chapter
  • speaker photo
    Tom Brennan, Moderator
    Executive Director, Americas Region, CREST

    Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.

    As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.

  • speaker photo
    Col. Cedric Leighton
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC

    Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.

  • speaker photo
    Taylor Milligan Crotty
    Director, Cyber Administration, BlackRock

    Taylor M. Crotty leads Cyber Administration at BlackRock, with responsibility for Cyber Diligence, Cyber Governance, Cyber Partnerships, Cyber Training & Awareness including the Firm's cyber resilience initiatives, and Business Management activities across Information Security, including fiscal management, talent management, and strategic project management.

    Prior to assuming her current role, Taylor was the Global Head of Cyber Resilience & Data Protection, responsible for preparing BlackRock and key partners critical to BlackRock’s business operations to respond to a cyber event, and optimizing the protection of Firm and Client information. Taylor also previously led BlackRock's Supply Chain Security program where she was responsible for improving the security of outsourced workflows through contracting and conducting security assessments. Ms. Crotty earned an Electrical Engineering degree from the University of Michigan College of Engineering.

  • speaker photo
    Arlenee Lopez-Ferguson, Moderator
    SVP & CISO, Pendulum Holdings, LLC

    Arlenee Lopez-Ferguson is a dynamic cybersecurity professional with proven expertise in strategizing, developing, and leading change across organizations.

    She is currently the Chief Information Security Officer at Pendulum Holdings, LLC, a strategic investment and advisory platform that seeks to accelerate opportunity and value creation for founders and leaders of color. Prior to Pendulum, she served as the CISO and Compliance Administration Manager at Summit Trail Advisors, LLC, a Registered Investment Advisory firm. At Summit Trail, Ms. Lopez-Ferguson was responsible for the governance and oversight of the compliance and cybersecurity programs including the development, implementation, and enforcement of the firm's policies and procedures. Further, in 2010, she acted as the Chief of Staff to the Chief Operating Officer of Barclays Wealth, and Secretary to the Global Wealth Investment Committee. She earned a BA in Criminal Justice from John Jay College and, most recently, a Certificate of Cyber Security Risk Management from Harvard.

    Beyond her professional achievements, Arlenee embraces her roles as a wife and proud "boy mom" of two. As a New Yorker, she is passionate about giving back to her often-underserved community. She is an avid mentor, dedicating much of her free time to guiding and supporting young women aspiring to enter the financial, tech, legal, and compliance fields.

  • speaker photo
    Alexander Abramov
    Head of Information and Cyber Risk, Santander Capital Markets

    Alex Abramov is senior leader in Technology and Cyber Governance, Risk, and Compliance with strong track record of accomplishments across all three lines of defense - Controls, Risk, and Audit. He had created and led highly effective IT and Cyber risk management programs that addressed regulatory requirements and enabled business growth, expansion, and acquisitions.

    As the Head of Information and Cyber Risk at Santander Capital Markets, he had built an IRM function and led Information and Cyber Risk team. Previously Alex has served as a Director of Information Risk at Bank of New York Mellon, Technology Risk Controller and Lead IRM at JP Morgan, Practice Leader for IT Governance and Compliance and IT Audit Lead at EY, and a Head of Application Development and a DISO at Bristol-Myers Squibb.

    Alex has served as the President of ISACA New York Metropolitan Chapter 2017-2019, and as a member of the Board of Directors since 2007. He is a recipient of 2022 and 2023 ISACA NYM Helping Hands Awards for “Outstanding Service for the President, Board, and Membership.”

    Alex holds a Masters in Electrical Engineering (Robotics and Automation), an MBA, and CISA, CGEIT, and CRISC certifications. He has co-authored several books (including “Cyber Risk,” “Governance, Compliance and Supervision in the Capital Markets,” and “The Cyber Elephant in the Boardroom”) and has presented at over 30 conferences in North America and Europe on topics of Information and Technology Risk.

  • speaker photo
    Albert Caballero
    Americas Field CISO Director, SentinelOne

    Albert Caballero is a patented cybersecurity expert, systems integrator, and published technologist with a passion for security engineering, cloud computing, and threat intelligence. Currently Field CISO at SentinelOne, he has acted as Global Head of Security Engineering at Warner Bros. Discovery and BISO with WarnerMedia and ATT. Co-founded Trapezoid, a cybersecurity software company focused on firmware integrity management, and was Technical Product Manager in the SIEM space for what is now Tripwire Log Center. He has also run a large security operations center at Terremark, a Verizon managed services provider, helping defend government agencies and corporate entities by leading incident response teams and conducting forensic investigations at scale alongside Kroll and other major security services firms.

  • speaker photo
    Tamika Bass
    Cybersecurity Director, Gannett Fleming

    Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker, college professor and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA,CRISC, HCISPP, CBCP.

  • speaker photo
    Vlad Brodsky
    CISO, SVP of IT Operations and Infrastructure, OTC Markets Group Inc.

    Vlad Brodsky is the Chief Information Security Officer and SVP of IT Operations and Infrastructure at OTC Markets Group, a regulated publicly traded financial institution that operates the world’s largest OTC equity electronic marketplace.

    Vlad has a bachelor’s in computer science and economics from Brandeis University, an MBA from NYU Stern and CRISC, CDPSE, CCISO, CISSP, DDN Boardroom QTE, PMP, FINRA Series 7, 24, and 99 certifications and licenses.

    He is also a New Metro InfraGard Board Member, an EC Council CCISO Exam Committee member and an Advisory Board Member at VigiTrust Global and HMG Strategy.

  • speaker photo
    Peter Tse
    Head of Information Security, CTBC Bank New York Branch

    Peter is the head of Information Security for CTBC Bank New York branch, where he oversees the Cyber Security Program. With more than 25 years of experience in financial services, information security, and information technology, Peter has expertise in cybersecurity governance, risk management, and cybersecurity technologies.

  • speaker photo
    Matt Hillary
    Vice President of Security & CISO, Drata

    Matt Hillary is the Vice President of Security and CISO at Drata—a continuous security and compliance automation company—where he oversees Drata’s global security, IT, compliance, and privacy strategy and programs. With 15+ years of security experience, Matt has a track record of building and leading exceptional security programs. He has been in a number of security leadership roles, including Senior Vice President of Systems and Security and CISO at Lumio, CISO at Weave, VP, Security and CISO at Workfront, VP of Security at Instructure, and other lead security roles at MX, Adobe, and Amazon Web Services. Matt’s areas of expertise include risk management, IT governance, security, compliance, identity and access management, application security, data protection, and much more. Outside of work, Matt enjoys traveling with his wife, making fun memories with his four kids, and experiencing all this amazing world has to offer.

  • speaker photo
    Kashif Zaidi
    Director of Solution Architects, Aqua Security
  • speaker photo
    Saketh Machavarapu
    Business Development Manager, SSH Communications Security

    With over 13 years of experience working in Unix and Cybersecurity teams in Fortune 500 companies, Saketh currently is responsible for Pre-sales, Architecture and Strategic Accounts in Americas. Prior to SSH, Saketh spent most of time in enterprise architecture and evaluating solutions that are eventually deployed into Production along with Deployment Strategy. Saketh enjoys talking about security topics, best practices, and user experiences with different software solutions.

  • speaker photo
    Andrew Neville
    Director, Channel & Sales Engineering, WithSecure

    Andrew has more than 10 years of experience in strategic alliances at BitSight and Recorded Future, currently leading the WithSecure Product and Services commercial and sales engineering teams in North America.

  • speaker photo
    Chris Tillett
    Sr. Engineer, Strategic Product Intelligence, Palo Alto Networks

    Chris currently works for Palo Alto Networks in R&D, helping customers stay ahead of threat actors and helping our products stay customer focused. His experience with UEBA and IAM helped drive the ITDR module to not only focus on Identity based attacks, but also the entire Identity lifecycle helping to improve outcomes for customers and detections for Insider Threat programs across the globe. He loves talking to customers about SIEM, Security Operations, and the analyst experience which allows him to learn and adjust accordingly. Never an expert, always a student.

  • speaker photo
    Marlowe Cochran, Moderator
    CISO, New York State Department of Education

    Marlowe Cochran has been working in the IT field for over 30 years, with 20 plus years in information security roles. He has worked in a multitude of sectors from government to health care. In his current role at the New York State Department of Education, he is the Chief Information Security Officer. Marlowe currently collaborates with internal and external stakeholders in regard to modernizing technology and data sharing; he oversees data risk assessment/management, incident response, the development of policies/procedures, and manages the overall risk posture of the agency.

  • speaker photo
    Chris Tillett
    Sr. Engineer, Strategic Product Intelligence, Palo Alto Networks

    Chris currently works for Palo Alto Networks in R&D, helping customers stay ahead of threat actors and helping our products stay customer focused. His experience with UEBA and IAM helped drive the ITDR module to not only focus on Identity based attacks, but also the entire Identity lifecycle helping to improve outcomes for customers and detections for Insider Threat programs across the globe. He loves talking to customers about SIEM, Security Operations, and the analyst experience which allows him to learn and adjust accordingly. Never an expert, always a student.

  • speaker photo
    Tomás Maldonado, Moderator
    CISO, NFL

    Tomás Maldonado is the Chief Information Security Officer (CISO) at the National Football League (NFL).  He is globally responsible for leading the information security program for the League and its entities.  Maldonado has over 23 years of experience in this area, having led global information security teams and programs at several large international organizations.

    Prior to Joining the NFL, Maldonado was the CISO at International Flavors & Fragrances where he was globally responsible for establishing and leading the Cybersecurity & Technology Risk Management business unit.

    Maldonado was also an executive director and CISO for the corporate sector of JPMorgan Chase, where he established and shaped the future direction of the security program and focus for the line of business. He was also a VP of technology risk management at Goldman Sachs where he worked on several key initiatives namely creating and leading the data loss protection program. He had additional opportunities at Schroders where he was the network security officer, Ernst & Young and Bloomberg LP.

    Maldonado serves as an advisory board member to several innovative companies. He has several industry recognizable certifications: he is a CISSP, a CISM, a CDPSE, and a CRISC. He also holds a Bachelor of Science in computer science from Fordham University.

  • speaker photo
    Sara Ricci
    Information Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)

    Sara Ricci is an accomplished executive with a proven track record in global leadership roles, building new capabilities and enhancing organizational resilience. She is experienced in Risk Management and Technology Enablement in highly regulated financial and energy sectors. Sara excels at building trust and credibility with executives, clearly communicating risk concepts and strategies in non-technical terms to help drive business results.

    As a Risk and Resilience leader, Sara leverages prior experience as Head of Information Risk Governance and Resilience at HBC and senior leadership roles at HCL Technologies, New York Power Authority, JP Morgan Chase, Citi, Bank of America and UBS. She has led global implementations of governance, risk management and compliance programs, aligning risk and reward with business strategy, specializing in Operational Risk, IT Risk, Information Security, Business Continuity, Enterprise Risk, Third Party Risk, Operational Resilience, Enterprise Resource Planning, Software development and Business Process improvements.

    Sara actively collaborates across organizations and helped develop industry guidance for the financial and energy sectors, including maturity models in Resilience and Cybersecurity, whitepapers and benchmarking studies in Risk Appetite and Resiliency. MBA (Finance and Management), CRISC, CDPSE, CBCP, HSEEP, SCR.

  • speaker photo
    Robert Mazzocchi, Moderator
    VP, Identity & Access Management for Global Information Security & Compliance, AIG

    Robert Mazzocchi was the Vice President Identity & Access Management for Global Information Security & Compliance at AIG for 16 years. In this role, he had corporate responsibly for the implementation of the AIG’s Identity & Access Management Strategy and Program across AIG’s global business lines.

    Prior to joining AIG, Mr. Mazzocchi held positions in Financial Services for 24 years as Vice President and CISO for the 16th largest bank in the U.S. Vice President of Loan Origination and Servicing, Payments processing, Retail Support and Operations, Internal and External Fraud detection.

  • speaker photo
    Jordan Fischer
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • speaker photo
    Donovan Blaylock
    Sr. Director of Solutions, SecureAuth
  • speaker photo
    Chris Harding
    Solutions Engineer, Outshift by Cisco
  • speaker photo
    Kartik Maddali
    Senior Solutions Engineer, Okta

    Accomplished Business and Technology professional with over a decade focused on strategic account software sales, advanced enterprise software applications, modeling, business process optimization, solution development and software implementation. Strong technical and business acumen with the ability to execute a wide range of strategies designed to generate impressive results. Skilled at breaking down communication barriers and promoting cross functional cooperation. Broad knowledge of international and cultural backgrounds.

  • speaker photo
    Jeff Edstrom
    Director, Infrastructure Security, AccessIT Group

    Jeff Edstrom is the Director of Infrastructure Security at AccessIT Group (AITG). Jeff is a cybersecurity leader with over twenty years of experience managing infrastructure, security, compliance and support teams across North America and Europe. Jeff enjoys solving complex problems, getting to the root cause and deploying robust solutions that take advantage of his experience and unique insight. His career has led him to work with everything from large multinationals to extreme growth unicorn startups and everything in between. This breadth of experience allows Jeff to do more than suggest solutions to immediate issues, but rather address challenges holistically, saving costs and undue complexity.

  • speaker photo
    Charles Lee
    Enterprise Sales Engineering Manager, Rubrik
  • speaker photo
    Henry Jiang, Moderator
    CISO, Diligent Corporation

    Henry Jiang is a seasoned cybersecurity professional with extensive experience and expertise in securing software-as-a-service (SaaS) companies. As the Chief Information Security Officer (CISO) at Diligent Corporation, Henry is responsible for developing and implementing robust security strategies that protect the company's valuable assets, data, and infrastructure.

    Prior to joining Diligent, Henry held various leadership roles in the financial services industry, serving as the CISO at Oppenheimer & Co. and as the Head of Cyber Risk at Societe Generale Corporate and Investment Banking (USA). He has also contributed to the cybersecurity community as an active member of customer advisory boards for several cybersecurity companies. Henry shares his knowledge and insights through his blog posts, book chapters, and podcasts. Henry holds the Certified Information Systems Security Professional (CISSP) certification, demonstrating his commitment to excellence in the field of cybersecurity.

  • speaker photo
    Robyn Ready
    CISO, KnitWell Group

    With more than 17 years’ experience in the cybersecurity field, Robyn has led five organizations in their transformation from no security program or a minimal security program to a mature security organization. Starting with an organization that needed to achieve NIST compliance to survive, moving to a large financial firm, and then into the retail industry, Robyn has been instrumental in achieving continuous risk reduction for all these organizations. These risk reductions allowed her to move to her next challenge while leaving a team that was set up to succeed and continue their maturity journey. This includes not only cybersecurity but also the IT risk, IT compliance, and when it came, privacy disciplines.

    Currently responsible for security, IT risk, IT compliance, and privacy at the Knitwell Group, Robyn has been asked to lead the IT Operations team, as well. This adds the Service Desk, Identity and Access, Major Incident Response, Production Control, and Operations to her responsibilities, which is a little bit of back to the future for her, as she started her journey on the Help Desk and in Professional Services, prior to making the move into the security field.

  • speaker photo
    Andy Olpin
    Sr. Solutions Engineer, Lookout

    Andy is a seasoned cybersecurity professional with more than 20 years in the field. At the Walt Disney Company, Andy was a compliance and security architect, managing solutions for Disney's broad portfolio of businesses. He moved on to be a solutions architect for MobileIron and now Lookout, where he has been for the past five years.

  • speaker photo
    David Monnier
    Chief Evangelist, Team Cymru

    David has been with Team Cymru since 2007. Prior, he served in the U.S. Marine Corps as a Non-Commissioned Officer. He then worked at Indiana University where he helped to build some of the most powerful computational systems of their day. He transitioned to cybersecurity and helped launch the Research and Education Networking ISAC. At Team Cymru, he has been an engineering leader, a Community Services team member, and a security analyst. David led efforts to secure the firm's intelligence infrastructure and established processes the firm relies on today. Currently, David assists CSIRT teams worldwide and fosters data sharing partnerships.

  • speaker photo
    Davin Darnt
    CISO, Americas, Louis Vuitton

    With a dynamic career spanning 20 years, including seven years at prestigious luxury retail company, Louis Vuitton. Davin Darnt currently excels as the Chief Information Security Officer (CISO) for the Americas region. His journey in the company has been marked by significant leadership roles, including Head of IT Operations and Head of Technical Projects, where he honed his expertise in steering complex IT initiatives and strategies.

    In his current role as CISO, Davin is at the forefront of defining and implementing robust security protocols, safeguarding the company's digital assets against evolving cyber threats. His approach combines cutting-edge technology with a deep understanding of the unique challenges in the luxury retail sector, ensuring both resilience and compliance.

    Previously, Davin has led diverse, high-performing teams across Service Delivery, Systems Engineering, Digital Workplace and Mobile & Collaborative technologies . His leadership style is deeply influenced by his time in the United States Marine Corps (USMC), where he developed an ethos of discipline, adaptability, and unwavering commitment to excellence. He holds multiple certifications including CISSP, CCSP & CSM designations.

    Davin's ability to navigate the complex intersection of technology, security, and luxury retail has not only driven operational efficiencies but has also significantly contributed to the company's reputation for innovation and customer trust. His visionary leadership continues to be a pivotal asset in the company's ongoing success and digital transformation journey.

  • speaker photo
    Afzal Khan
    Global CISO, OPKO Health, Inc.

    Afzal Khan is a distinguished leader in the field of technology security and risk management, bringing over 26 years of expertise to his role. Currently serving at OPKO, he provides strategic direction and guidance on technology risk management, IT, OT, and cybersecurity, ensuring compliance with IT regulatory standards across domestic and international entities. Afzal's extensive experience includes notable positions such as the Global Head of IT Security, Risk Management & Compliance at Everest Reinsurance, where he led critical projects and built robust organizational teams. He holds 7 security and risk management certifications, including CISSP, CISA, and CRISC, underscoring his deep knowledge in the field. Afzal is renowned for his visionary approach, aiming to establish a secure technology platform aligned with business objectives, emphasizing a business-focused and risk-based approach to security decisions. His dedication to operational excellence and adaptability in the face of disruptive technologies have made him a trusted leader in the industry.

  • speaker photo
    Jordan Fischer, Moderator
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes