- Tuesday, November 14, 2023
9:00 am
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
9:00 am - 3:00 pm
Location / Room: Brecht (4th floor)
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- Wednesday, November 15, 2023
7:30 am
Registration open
Registration Level: Open Sessions
7:30 am - 4:30 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:30 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 am
A People-Centric Approach to Breaking the Attack Chain
President, ISSA NY Metro Chapter
Registration Level: Open Sessions
8:00 am - 8:50 am
Location / Room: Lyceum
The Cyber Attack Chain is a well-known tenet of cybersecurity professionals. However, breaking the chain can be fraught with complexities and confusion between policies, tactics, controls and solutions. This talk will unravel some of the complexities of breaking the attack chain, specifically focusing on two areas: insider threats and information protection.
8:00 am
Advisory Council Roundtable Breakfast – (VIP / Invite only)
The State of Cybersecurity in 2023: The Good, the Bad, and the Unknown
Executive Director, Americas Region, CREST
Registration Level: VIP / Exclusive
8:00 am - 8:50 am
Location / Room: Imperial
The bad actors are getting more sophisticated. A new “hybrid war” landscape thanks to the Ukraine-Russia war and now the Israel-Hamas war. Current and developing vectors for attacks: BEC, malware, phishing, DDoS, spyware, ransomware, and more.
Join this VIP roundtable breakfast for SecureWorld New York City Advisory Council members to rub elbows and commiserate with CISO peers and invited guests to share ideas, best practices, and lessons learned in the fight to keep the public and private sectors safe from cybercrime. And let’s not forget the challenge of filling the cybersecurity talent pipeline.
9:00 am
[Opening Keynote] Cyber World on Fire: A Look at Internet Security in Today’s Age of Conflict
CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
This informative session analyses the growing threat of cyberattacks and risks to internet security in today’s world. Col. Leighton explores the various types of attacks and vectors, including how bad actors can impact businesses and individuals. The session also examines the role of governments and international organizations—partnering with public and private businesses—in protecting against cyber threats.
Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees.
He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.
9:45 am
Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am
Guardians of the Vault: Cybersecurity Strategies from Financial Sector Leaders
Director, Cyber Administration, BlackRock
SVP & CISO, Pendulum Holdings, LLC; CISO, MarcyPen Capital Partners, LLC
Registration Level: Conference Pass
10:15 am - 11:00 am
Location / Room: Alvin/Carnegie
Delve into the realm of financial cybersecurity as industry leaders take the stage to share their cutting-edge strategies for threat intelligence and best practices employed to safeguard sensitive data, fortify defenses, and stay steps ahead of cyber threats in a modern world.
10:15 am
Securing the Supply Chain
Head of Information and Cyber Risk, Santander Capital Markets
Registration Level: Conference Pass
10:15 am - 11:00 am
Location / Room: Lyceum
The global supply chain is increasingly complex and interconnected, and this has created new opportunities for cybercriminals. This session covers the latest threats to the supply chain and how organizations can protect themselves, including:
- The most common supply chain attacks
- How to identify and assess supply chain risks
- Strategies for mitigating supply chain risks
- Case studies of organizations that have been hit by supply chain attacks and how they responded
We will also discuss the role of governments and industry in securing the supply chain.
10:15 am
Generative AI in Cloud Security - Security Impacts of Artificial Intelligence
Americas Field CISO Director, SentinelOne
Registration Level: Open Sessions
10:15 am - 11:00 am
Location / Room: Edison
Delve into the transformative power of AI in the cloud and its wide-ranging cybersecurity implications. This session introduces the contributions of Generative AI tools and Large Language Models (LLMs) to the AI revolution. We examine how AI automation streamlines routine tasks and enables data analysis at scale, leading to improved user experiences and the emergence of new services and business models. We also discuss the crucial aspect of AI-enhanced security defenses and the potential risks posed by AI-based attacks. We emphasize the importance of the human element in shaping AI systems and peer into the future concerns and potential of AI.
11:00 am
Networking Break
Registration Level: Open Sessions
11:00 am - 11:10 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am
Lean on Me: Effective Interdepartmental Communication in Modern Times
Cybersecurity Director, Gannett Fleming
Registration Level: Conference Pass
11:10 am - 11:55 am
Location / Room: Edison
It is now more important than ever for security professionals to communicate effectively with team members and business stakeholders at all levels, both in-person and virtually. Interdepartmental communication and collaboration can increase compliance and maintain a safe and secure organization. This session focuses on fostering effective communication and collaboration across various departments within the organization.
11:10 am
Modern Authentication Solutions and Challenges
SVP, CIO, and CISO, OTC Markets Group Inc.
Head of Information Security, CTBC Bank New York Branch
Registration Level: Conference Pass
11:10 am - 11:55 am
Location / Room: Lyceum
Large tech companies are embracing the FIDO2 alliance and passkeys to remove passwords and replace legacy MFA solutions. Should you as well?
In this session we will discuss the following topics:
- What are passkeys and how are they being adopted for consumer and enterprise applications
- What are the differences between Synced and Hardware-bound passkeys
- How to choose the right passkey solution for consumer vs enterprise applications
- What are some of the concerns with utilizing Synced passkeys in the enterprise
11:10 am
[Panel] Symphony of Cyber Defense: Confronting the Crescendo of Threats in the Digital Orchestra
Identifying the Current Threat Landscape
Vice President of Security & CISO, Drata
Director of Solution Architects, Aqua Security
Business Development Manager, SSH Communications Security
Director, Channel & Sales Engineering, WithSecure
Sr. Engineer, Strategic Product Intelligence, Palo Alto Networks
CISO, New York State Department of Education
Registration Level: Open Sessions
11:10 am - 11:55 am
Location / Room: Alvin/Carnegie
In the ever-changing symphony of the cyber realm, a cacophony of threats echoes throughout. Ranging from ransomware to data breaches, phishing, and intricate APTs, the orchestra of cyber threats grows in complexity. Emerging risks like IoT, cloud computing’s unpredictability, AI’s deceptiveness, and cryptocurrency add new layers to our musical security tapestry.
Threat actors—wielding exploit kits and Zero-Day vulnerabilities—orchestrate their attacks, preying on human vulnerabilities in perfect synchronization with state-sponsored cyber operations. To counter this threat, collaboration is essential. Proactive security practices, training cadences, and threat intelligence sharing must happen. The interplay of public and private sectors is key to a resilient digital effort.
Let us march to the beat of constant vigilance, adaptability, and investment in a fortified infrastructure. Together, we will compose a symphony of cybersecurity, safeguarding the digital soundscape and ensuring a melodious future.
12:00 pm
[Lunch Keynote] The Modern SOC, Reimagined: Hear the Future and Fight Tech with Tech
Sr. Engineer, Strategic Product Intelligence, Palo Alto Networks
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
Modern applications, workloads, and microservices are generating vast amounts of data faster than most security operations centers (SOCs) can adapt. And security teams operating on a legacy SOC model can spend hours—even days—triaging a single threat event. How can SOC teams outpace modern threats? By fighting technology with technology and leaning into AI to augment analysts, SOC teams can amp up their defenses and focus on more critical issues.
So, what’s next for the SOC? Join this keynote with Chris Tillett, SecOps Transformation Advisor, as he discusses today’s advanced adversaries and shares expert views on how SOC teams must adapt to cope with a flood of disconnected data.
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
Remaining Resilient and Identifying the Next Transformation Facing Cybersecurity Professionals
CISO, NFL
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Location / Room: Imperial
Join this invitation-only meeting for SecureWorld New York Advisory Council members to discuss:
- The next transformation that is going to “bite cybersecurity professionals in the @ss” and the shifts to take note of in the cybersecurity landscape
- What transformations are coming in the next 5-10 years that cybersecurity professionals, and business leaders in general, should be thinking about
- Resilience. How do we stress the importance of resilience when it comes to data centers?
- What keeps cybersecurity professionals like you up at night is what you can’t even imagine is coming next.
Come prepared to add to the discussion. The more voices, the better.
12:45 pm
Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm
Fireside Chat with Sara Ricci: Understanding Resilience to Improve Board-Level Security Conversations
Information Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)
VP, Identity & Access Management for Global Information Security & Compliance, AIG
Registration Level: Conference Pass
1:15 pm - 2:15 pm
Location / Room: Edison
Cybersecurity and business disruption are both enterprise-level risks and getting board scrutiny and attention. Why is there increasing focus on resilience?
Although we often have good cyber Incident Response plans and even real-time monitoring of threats in the CISO’s domain, we find that the holistic handling of an IT disaster (which may be caused by a cyber incident, human error, malfunction, or natural disaster) that then disrupts the business is often lacking, and response takes place in silos. The linkages and handoffs are often not understood, as they are not documented, and there is not a good understanding of how a disruption impacts the business and its customers. What does the board need to know?
The key takeaway will be understanding the concept of resilience and how it can further the conversation about security at the board level.
1:15 pm
The New World Order for CISOs: Privacy, the SEC, and Accountability
CEO & Founder, Fischer Law, LLC
Registration Level: Conference Pass
1:15 pm - 2:15 pm
Location / Room: Lyceum
As CISOs become increasingly accountable for their organization’s cybersecurity posture, they must also be mindful of the ever-changing regulatory landscape. One area of particular concern is the intersection of privacy, the SEC, and accountability.
In this session, we will discuss the following topics:
- The SEC’s recent cybersecurity regulatory actions and their implications for CISOs
- The growing importance of privacy in the cybersecurity landscape
- How CISOs can balance the need to protect privacy with the need to comply with SEC regulations
- Strategies for CISOs to demonstrate accountability for their organization’s cybersecurity posture
1:15 pm
[Panel] Cloud Sonata: Orchestrating Security in the Digital Sky
Securing Your Cloud Environment
Sr. Director of Solutions, SecureAuth
Solutions Engineer, Outshift by Cisco
Senior Solutions Engineer, Okta
Director, Infrastructure Security, AccessIT Group
Enterprise Sales Engineering Manager, Rubrik
CISO, Therapy Brands
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Alvin/Carnegie
In the symphony of modern cybersecurity, the cloud environment plays a key role as both a conductor of efficiency and a source of potential vulnerabilities. As organizations increasingly embrace the cloud to unlock agility and scalability, it is crucial to harmonize the protective measures that safeguard these virtual landscapes.
This panel discussion delves into the intricate nuances of securing cloud environments. These experts will share their orchestration of robust security frameworks, best practices, and cutting-edge technologies that fortify the digital sky against threats. From encryption and access controls to identity management and incident response, they will explore the melodies of defense that resonate within the cloud and how they can impact any organization.
2:15 pm
Networking Break
Registration Level: Open Sessions
2:15 pm - 2:30 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:30 pm
Back to the Future: Hot Takes and Rediscovering Cybersecurity Basics
CISO, KnitWell Group
Registration Level: Conference Pass
2:30 pm - 3:15 pm
Location / Room: Alvin/Carnegie
With all the discussion about the future of cybersecurity and the advent of Artificial Intelligence (AI), it’s time to go “Back to the Future” and rediscover our cybersecurity roots. This session will explore the “Top 5 Basics of Cybersecurity” to ensure you cyber-proof your organization. We’ll also chat through why these basics are still important even as AI evolves in both popularity and usage. Live audience Q&A is welcomed to discuss “hot takes” and lead to thoughtful conversation.
2:30 pm
Phishing Tricks and Zero Clicks: Tracking Mobile Threats
Sr. Solutions Engineer, Lookout
Registration Level: Conference Pass
2:30 pm - 3:15 pm
Location / Room: Lyceum
From 0ktapus’s breaches of major organizations to NSO Group’s espionage of world leaders and civil society, mobile threats have captured credentials and headlines in the past year. While many still consider mobile devices an asset to be managed rather than an endpoint to be protected, recent attacks have proven that phones are ripe targets for exploitation. Join Lookout’s Director of Mobile Threat Intelligence as he dives into trends and reporting on such threats and provides insight into the company’s own intelligence on APT activity targeting this often overlooked vector.
2:30 pm
Cybersecurity in Real-Time: Anticipating Threats and Decoding Network Behavior
Chief Evangelist, Team Cymru
Registration Level: Open Sessions
2:30 pm - 3:15 pm
Location / Room: Edison
In the fast-evolving realm of cybersecurity, professionals must anticipate emerging threats while simultaneously addressing active ones. A proactive defense strategy is paramount, but so is the ability to quickly assess the impact of present threats. By leveraging NetFlow data analysis, they can preemptively counter threats, often before they go live, and efficiently differentiate between regular and malicious network activities. Specialized tools enhance this by uncovering hidden aspects of the IT landscape, fortifying both proactive and reactive defenses. This session explores three major challenges security operations teams face and how we effectively address them.
3:15 pm
Networking Break and Dash for Prizes
Registration Level: Open Sessions
3:15 pm - 3:45 pm
Location / Room: Exhibitor Hall
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pm
[Closing Keynote] Cybersecurity Fusion: Uniting Forces for Modern Digital Defense
CISO, Americas, Louis Vuitton
Global CISO, OPKO Health, Inc.
Founding Partner & Owner, Fischer Law, LLC
Registration Level: Open Sessions
3:45 pm - 4:30 pm
Location / Room: Keynote Theater
Hear from local cybersecurity executives in an electrifying panel discussion on how industry leaders collaborate across sectors, academia, and organizations to tackle evolving cyber threats. You’ll gain valuable insights on innovative strategies, emerging technologies, and interdisciplinary approaches to reinforce digital defenses and protect against cyber risks for your organization. Open Q&A following discussion.
- AccessIT Group
Booth: 175
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Aqua Security
Booth: 130
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions, and cloud VMs.
- CREST
Booth: 280
CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.
- CybelAngel
Booth: 270
CybelAngel is a global leader in cybersecurity solutions focused on External Attack Surface Protection and Management. As an early pioneer in ‘outside-in’ search technology, approaching cybersecurity just as an attacker would carry out infiltration, CybelAngel has developed the industry’s most extensive defense for external attack vectors, where the majority of cyber-attacks are initiated. Combining expanded discovery and analysis, CybelAngel finds unknown assets and exposures to preemptively defuse attack vectors that cyber criminals use to breach systems and wreak havoc.
CybelAngel proudly protects some of the largest global enterprises representing various sectors including the Pharmaceutical, Manufacturing, Retail, and Financial Services. CybelAngel’s Xtended External Attack Surface Management (EASMX) is the only solution comprehensive enough to protect an enterprise’s entire external attack surface, regardless of where assets reside.
- Drata
Booth: 125
Replace manual GRC efforts, reduce costs, and save time preparing for audits and maintaining compliance. Drata is the world’s most advanced security and compliance automation platform with the mission to help companies earn and keep the trust of their users, customers, partners, and prospects. We help thousands of companies streamline compliance for SOC 2, ISO 27001, HIPAA, GDPR, your own custom frameworks, and many more through continuous, automated control monitoring and evidence collection. Drata is backed by ICONIQ Growth, Alkeon, Salesforce Ventures, GGV Capital, Okta Ventures, SVCI (Silicon Valley CISO Investments), Cowboy Ventures, Leaders Fund, Basis Set Ventures, SV Angel, and many key industry leaders. Drata is based in San Diego, CA with team members across the globe.
- Ekran System
Booth: 135
Ekran System® insider threat protection platform is a powerful software solution to help security teams with such tasks as employee activity control, third-party vendor control, and incident investigation. This agent-based platform delivers essential functionality of granular access control, identity management, and detailed activity monitoring via lightweight software agents installed on desktops, servers, and jump servers.
Ekran System platform supports any network architecture, virtual and physical infrastructures, and the broadest operating system set on the market.
- Endace
Booth: 250
Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.
- Envision Technology Advisors
Booth: 295
Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.
- InfraGard NJ
Booth: TBD
InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s vetted membership includes: business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security. InfraGard NJ is a nonprofit 501(c)3 organization comprised of members across NJ.
- InfraGard New York Metro
Booth: TBD
The New York City Metro InfraGard Members Alliance (NYM-IMA) is a local program of the INMA. The New York Metro InfraGard Chapter holds regular meetings and provides members with a forum for information sharing within a secure environment, while focusing on protecting the critical infrastructure of New York City and surrounding areas.
Members of the alliance are part of a national network of FBI-vetted volunteers who are critical infrastructure SMEs in one or more sectors. It provides a trusted forum for the real-time exchange of information, training and expertise related to the protection of critical infrastructure and key resources from both physical and cyber threats.
- ISACA New York Metropolitan Chapter
Booth: 285
Our Mission: As a leading ISACA chapter, our mission is to serve our membership by providing world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally. Today, ISACA is a worldwide organization with over 200 chapters and the New York Metropolitan Chapter has grown to be one of the largest ISACA chapters in the world.
Our Membership: The New York Metropolitan Chapter has over 3,800 members, from the information systems audit/assurance, information security, IT risk management, and governance professions. Our members represent a wide array of industries including financial services, accounting and consulting, legal services, education, entertainment, health care, retail, public utilities, and government/regulatory entities – and hold positions ranging from entry level staff to senior management.
- Keysight
Booth: 225
Keysight’s portfolio of network security solutions simulates threats and eliminates blind spots, taking control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulating attacks, exposing gaps early, and course-correcting with step-by-step fixes; protecting users and applications with increased efficiency, performance, and reliability of your security systems; patrolling every packet to eliminate vulnerable blind spots and decrypt threats hiding in SSL traffic; and practicing your cyber skills to enhance your security and attack response skills against real-world threats.
- LogRhythm
Booth: 140
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
- Lookout
Booth: 160
Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.
- Okta
Booth: 115
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- Outshift by Cisco
Booth: 190
Outshift by Cisco is the incubation engine for Cisco’s emerging technologies exploring innovation in cloud native development, AI/ML, API security, observability, network automation, and more.
Backed by Cisco’s unrivaled portfolio of end-to-end security solutions, Panoptica offers a differentiated experience for complete code to cloud security coverage.
Panoptica is Outshift by Cisco’s cloud native application security solution. It secures modern applications and workloads to ensure end-to-end security and compliance in multicloud environments. Utilizing advanced visual contextual insights along attack paths, Panoptica boosts visibility, accurately prioritizes risks, and offers actionable remediation guidance, securing your entire cloud application stack.
- OWASP – New York City
Booth: 290
OWASP Foundation is a 501(c)3 Not for Profit association with local and global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.
- Palo Alto Networks
Booth: 155
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
- Ping Identity + MajorKey Technologies
Booth: 275
Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences.
MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP. We provide Advisory, Integration, and Managed Services for Identity and Access Management, Application Deployment and Security, Data Security and Governance, and Cloud Security. We deliver at the speed of business to protect our clients’ identities, apps, data, and systems without hampering their agility. For more information, go to majorkeytech.com.
- Probely
Booth: 215
Probely is the premier cloud-based application security testing solution designed to empower Security and DevOps teams to work efficiently together on a DevSecOps approach built to reduce risk across web applications and RESTful APIs.
Probely empowers Security and DevOps or Development teams to work together to secure their web applications and APIs. Our goal is to narrow the gap between development, security, and operations by making security an intrinsic characteristic of web applications development life-cycle.
With over 30,000 vulnerability detection capabilities, including SQLi, XSS, Log4j, OS Command Injection, and SSL/TLS issues, Probely reports vulnerabilities that matter, is false-positive free, and includes detailed instructions on fixing them.
- Rubrik
Booth: 150
Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.
- Saviynt
Booth: 240
Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. The company brings together identity governance (IGA), granular application access, cloud security, and privileged access to secure the entire business ecosystem and provide a frictionless user experience.
- SecureAuth
Booth: 235
SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogeneous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.
- SentinelOne
Booth: 100
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- SSH Communications Security
Booth: 265
As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com.
- Synopsys
Booth: 220
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- TechTarget
Booth: n/a
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Team Cymru
Booth: 165
Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines: digital business risk platforms, free-to-use community services, and support services to over 143 Government CSIRT teams.
Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.
Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT gives Governments the tools to outmaneuver nation-state threat actors.
Since 2005, our reputation remains unchallenged.
- ThreatLocker
Booth: 195
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- UnderDefense
Booth: 180
UnderDefense is a leading global cybersecurity company widely recognized by industry experts, such as Gartner and Clutch. The perfect combination of our expertise and sophisticated technologies allows us to predict, detect, and respond to the most advanced & aggressive cyber threats.
- WithSecure
Booth: 110
WithSecure™ (formerly F-Secure Business) is cybersecurity’s reliable partner. IT service providers, MSSPs and businesses—along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers—trust us for outcome-based cybersecurity that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. WithSecure™ is part of F-Secure Corporation, founded in 1988, and listed on NASDAQ OMX Helsinki Ltd.
- WiCyS NY Metro Affiliate
Booth: 210
Women in CyberSecurity (WiCyS) NY Metro Chapter was established in 2019 to promote engagement, encouragement and support for women in cybersecurity throughout NY, NJ, and CT. We are the local chapter of the premier organization with national reach dedicated to bringing together women and allies in cybersecurity from academia, research and industry to share knowledge, experience, networking and mentoring. Once a month, people in the information security community gather to discuss the latest trends in the industry and forge connections with other individuals in the community.
- ZeroFox
Booth: 120
Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.
Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.
- Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Tom Brennan, Moderator
Executive Director, Americas Region, CREST
Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.
As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.
- Col. Cedric Leighton
CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- Taylor Milligan Crotty
Director, Cyber Administration, BlackRock
Taylor M. Crotty leads Cyber Administration at BlackRock, with responsibility for Cyber Diligence, Cyber Governance, Cyber Partnerships, Cyber Training & Awareness including the Firm's cyber resilience initiatives, and Business Management activities across Information Security, including fiscal management, talent management, and strategic project management.
Prior to assuming her current role, Taylor was the Global Head of Cyber Resilience & Data Protection, responsible for preparing BlackRock and key partners critical to BlackRock’s business operations to respond to a cyber event, and optimizing the protection of Firm and Client information. Taylor also previously led BlackRock's Supply Chain Security program where she was responsible for improving the security of outsourced workflows through contracting and conducting security assessments. Ms. Crotty earned an Electrical Engineering degree from the University of Michigan College of Engineering.
- Arlenee Lopez-Ferguson, Moderator
SVP & CISO, Pendulum Holdings, LLC; CISO, MarcyPen Capital Partners, LLC
Arlenee Lopez-Ferguson is a dynamic cybersecurity professional with proven expertise in strategizing, developing, and leading change across organizations.
She is currently the Chief Information Security Officer at Pendulum Holdings, LLC, a strategic investment and advisory platform that seeks to accelerate opportunity and value creation for founders and leaders of color. Prior to Pendulum, she served as the CISO and Compliance Administration Manager at Summit Trail Advisors, LLC, a Registered Investment Advisory firm. At Summit Trail, Ms. Lopez-Ferguson was responsible for the governance and oversight of the compliance and cybersecurity programs including the development, implementation, and enforcement of the firm's policies and procedures. Further, in 2010, she acted as the Chief of Staff to the Chief Operating Officer of Barclays Wealth, and Secretary to the Global Wealth Investment Committee. She earned a BA in Criminal Justice from John Jay College and, most recently, a Certificate of Cyber Security Risk Management from Harvard.
Beyond her professional achievements, Arlenee embraces her roles as a wife and proud "boy mom" of two. As a New Yorker, she is passionate about giving back to her often-underserved community. She is an avid mentor, dedicating much of her free time to guiding and supporting young women aspiring to enter the financial, tech, legal, and compliance fields.
- Alexander Abramov
Head of Information and Cyber Risk, Santander Capital Markets
Alex Abramov is a senior leader in Technology and Cyber Governance, Risk, and Compliance with a strong track record of accomplishments across all three lines of defense - Controls, Risk, and Audit. He has created and led highly effective IT and Cyber risk management programs that addressed regulatory requirements and enabled business growth, expansion, and acquisitions.
As the Head of Information and Cyber Risk at Santander Capital Markets, he built an IRM function and led the Information and Cyber Risk team. Previously Alex has served as a Director of Information Risk at Bank of New York Mellon, Technology Risk Controller and Lead IRM at JP Morgan, Practice Leader for IT Governance and Compliance and IT Audit Lead at EY, and a Head of Application Development and a DISO at Bristol-Myers Squibb.
Alex has served as the President of ISACA New York Metropolitan Chapter 2017-2019, and as a member of the Board of Directors since 2007. He is a recipient of 2022 and 2023 ISACA NYM Helping Hands Awards for “Outstanding Service for the President, Board, and Membership.”
Alex holds a Masters in Electrical Engineering (Robotics and Automation), an MBA, and CISA, CGEIT, and CRISC certifications. He has co-authored several books (including “Cyber Risk,” “Governance, Compliance and Supervision in the Capital Markets,” and “The Cyber Elephant in the Boardroom”) and has presented at over 30 conferences in North America and Europe on topics of Information and Technology Risk.
- Albert Caballero
Americas Field CISO Director, SentinelOne
Albert Caballero is a patented cybersecurity expert, systems integrator, and published technologist with a passion for security engineering, cloud computing, and threat intelligence. Currently Field CISO at SentinelOne, he has acted as Global Head of Security Engineering at Warner Bros. Discovery and BISO with WarnerMedia and ATT. He co-founded Trapezoid, a cybersecurity software company focused on firmware integrity management, and was Technical Product Manager in the SIEM space for what is now Tripwire Log Center. He has also run a large security operations center at Terremark, a Verizon managed services provider, helping defend government agencies and corporate entities by leading incident response teams and conducting forensic investigations at scale alongside Kroll and other major security services firms.
- Tamika Bass
Cybersecurity Director, Gannett Fleming
Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker and college professor, and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA, CRISC, HCISPP, CBCP.
- Vlad Brodsky
SVP, CIO, and CISO, OTC Markets Group Inc.
Vlad Brodsky serves as the Senior Vice President, Chief Information Officer, and Chief Information Security Officer at OTC Markets Group, a regulated publicly traded financial institution that operates the world’s largest OTC equity electronic marketplace. In this role, Vlad leads the firm's information security strategy, program, and processes, while also overseeing IT operations and infrastructure. With expertise in Information Security, Risk Management, IT Infrastructure Management, and Financial Services, Vlad brings a wealth of knowledge to the organization. Additionally, Vlad is an Advisor at Pellonium, a continuous and comprehensive Risk Management Platform.
- Peter Tse
Head of Information Security, CTBC Bank New York Branch
Peter is the head of Information Security for CTBC Bank New York branch, where he oversees the Cyber Security Program. With more than 25 years of experience in financial services, information security, and information technology, Peter has expertise in cybersecurity governance, risk management, and cybersecurity technologies.
- Matt Hillary
Vice President of Security & CISO, Drata
Matt Hillary is the Vice President of Security and CISO at Drata—a continuous security and compliance automation company—where he oversees Drata’s global security, IT, compliance, and privacy strategy and programs. With 15+ years of security experience, Matt has a track record of building and leading exceptional security programs. He has been in a number of security leadership roles, including Senior Vice President of Systems and Security and CISO at Lumio, CISO at Weave, VP, Security and CISO at Workfront, VP of Security at Instructure, and other lead security roles at MX, Adobe, and Amazon Web Services. Matt’s areas of expertise include risk management, IT governance, security, compliance, identity and access management, application security, data protection, and much more. Outside of work, Matt enjoys traveling with his wife, making fun memories with his four kids, and experiencing all this amazing world has to offer.
- Saketh Machavarapu
Business Development Manager, SSH Communications Security
With over 13 years of experience working in Unix and Cybersecurity teams in Fortune 500 companies, Saketh is currently responsible for Pre-sales, Architecture, and Strategic Accounts in the Americas. Prior to SSH, Saketh spent most of his time in enterprise architecture and evaluating solutions that are eventually deployed into Production along with Deployment Strategy. Saketh enjoys talking about security topics, best practices, and user experiences with different software solutions.
- Andrew Neville
Director, Channel & Sales Engineering, WithSecure
Andrew has more than 10 years of experience in strategic alliances at BitSight and Recorded Future, currently leading the WithSecure Product and Services commercial and sales engineering teams in North America.
- Chris Tillett
Sr. Engineer, Strategic Product Intelligence, Palo Alto Networks
Chris currently works for Palo Alto Networks in R&D, helping customers stay ahead of threat actors and helping our products stay customer focused. His experience with UEBA and IAM helped drive the ITDR module to not only focus on Identity based attacks, but also the entire Identity lifecycle helping to improve outcomes for customers and detections for Insider Threat programs across the globe. He loves talking to customers about SIEM, Security Operations, and the analyst experience which allows him to learn and adjust accordingly. Never an expert, always a student.
- Marlowe Cochran, Moderator
CISO, New York State Department of Education
Marlowe Cochran has been working in the IT field for over 30 years, with 20 plus years in information security roles. He has worked in a multitude of sectors from government to health care. In his current role at the New York State Department of Education, he is the Chief Information Security Officer. Marlowe currently collaborates with internal and external stakeholders in regard to modernizing technology and data sharing; he oversees data risk assessment/management, incident response, the development of policies/procedures, and manages the overall risk posture of the agency.
- Tomás Maldonado, Moderator
CISO, NFL
Tomás Maldonado is the Chief Information Security Officer (CISO) at the National Football League (NFL). He is globally responsible for leading the information security program for the League and its entities. Maldonado has over 23 years of experience in this area, having led global information security teams and programs at several large international organizations.
Prior to joining the NFL, Maldonado was the CISO at International Flavors & Fragrances, where he was globally responsible for establishing and leading the Cybersecurity & Technology Risk Management business unit.
Maldonado was also an executive director and CISO for the corporate sector of JPMorgan Chase, where he established and shaped the future direction of the security program and focus for the line of business. He was also a VP of technology risk management at Goldman Sachs where he worked on several key initiatives namely creating and leading the data loss protection program. He had additional opportunities at Schroders where he was the network security officer, Ernst & Young and Bloomberg LP.
Maldonado serves as an advisory board member to several innovative companies. He has several industry recognizable certifications: he is a CISSP, a CISM, a CDPSE, and a CRISC. He also holds a Bachelor of Science in computer science from Fordham University.
- Sara Ricci
Information Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)
Sara Ricci is an accomplished executive with a proven track record in global leadership roles, building new capabilities and enhancing organizational resilience. She is experienced in Risk Management and Technology Enablement in highly regulated financial and energy sectors. Sara excels at building trust and credibility with executives, clearly communicating risk concepts and strategies in non-technical terms to help drive business results.
As a Risk and Resilience leader, Sara leverages prior experience as Head of Information Risk Governance and Resilience at HBC and senior leadership roles at HCL Technologies, New York Power Authority, JP Morgan Chase, Citi, Bank of America and UBS. She has led global implementations of governance, risk management and compliance programs, aligning risk and reward with business strategy, specializing in Operational Risk, IT Risk, Information Security, Business Continuity, Enterprise Risk, Third Party Risk, Operational Resilience, Enterprise Resource Planning, Software development and Business Process improvements.
Sara actively collaborates across organizations and helped develop industry guidance for the financial and energy sectors, including maturity models in Resilience and Cybersecurity, whitepapers and benchmarking studies in Risk Appetite and Resiliency. MBA (Finance and Management), CRISC, CDPSE, CBCP, HSEEP, SCR.
- Robert Mazzocchi, Moderator
VP, Identity & Access Management for Global Information Security & Compliance, AIG
Robert Mazzocchi was the Vice President Identity & Access Management for Global Information Security & Compliance at AIG for 16 years. In this role, he had corporate responsibility for the implementation of AIG’s Identity & Access Management Strategy and Program across AIG’s global business lines.
Prior to joining AIG, Mr. Mazzocchi held positions in Financial Services for 24 years as Vice President and CISO for the 16th largest bank in the U.S., and as Vice President of Loan Origination and Servicing, Payments processing, Retail Support and Operations, Internal and External Fraud detection.
- Jordan Fischer
CEO & Founder, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Kartik Maddali
Senior Solutions Engineer, Okta
Accomplished Business and Technology professional with over a decade focused on strategic account software sales, advanced enterprise software applications, modeling, business process optimization, solution development and software implementation. Strong technical and business acumen with the ability to execute a wide range of strategies designed to generate impressive results. Skilled at breaking down communication barriers and promoting cross functional cooperation. Broad knowledge of international and cultural backgrounds.
- Jeff Edstrom
Director, Infrastructure Security, AccessIT Group
Jeff Edstrom is the Director of Infrastructure Security at AccessIT Group (AITG). Jeff is a cybersecurity leader with over twenty years of experience managing infrastructure, security, compliance and support teams across North America and Europe. Jeff enjoys solving complex problems, getting to the root cause and deploying robust solutions that take advantage of his experience and unique insight. His career has led him to work with everything from large multinationals to extreme growth unicorn startups and everything in between. This breadth of experience allows Jeff to do more than suggest solutions to immediate issues, but rather address challenges holistically, saving costs and undue complexity.
- Henry Jiang
CISO, Therapy Brands
Henry is a seasoned executive with over 20 years of experience in IT and cybersecurity. With a strong vision for disruptive technologies, he has extensive hands-on experience and is a champion for businesses that prioritize risk management. He is able to define and develop KPIs and KRIs to communicate the effectiveness of the cybersecurity program with all reporting levels and report regularly to executive committees and regulatory bodies.
As an expert in information security and technology risk, he excels in identifying and clarifying risks and leading remediation efforts. He is a creative problem solver and strategic decision-maker, capable of leading and directing teams in fast-paced environments. He is an empowering leader who trains and guides his team members to achieve their full potential.
He is involved with the cybersecurity community and loves to contribute, active as a public speaker, author, and mentor. His technical core competencies include proficiency in the domains of cybersecurity frameworks and industry standards, security engineering and operations, risk assessment, physical security, and secure software development. He is familiar with a wide range of cybersecurity controls, including SIEM, network and system security, identity management such as IAM and PAM, end-point security, DDoS remediation, cyber intelligence information sharing, cloud security, and much more.
- Robyn Ready
CISO, KnitWell Group
With more than 17 years’ experience in the cybersecurity field, Robyn has led five organizations in their transformation from no security program or a minimal security program to a mature security organization. Starting with an organization that needed to achieve NIST compliance to survive, moving to a large financial firm, and then into the retail industry, Robyn has been instrumental in achieving continuous risk reduction for all these organizations. These risk reductions allowed her to move to her next challenge while leaving a team that was set up to succeed and continue their maturity journey. This includes not only cybersecurity but also the IT risk, IT compliance, and when it came, privacy disciplines.
Currently responsible for security, IT risk, IT compliance, and privacy at the KnitWell Group, Robyn has been asked to lead the IT Operations team as well. This adds the Service Desk, Identity and Access, Major Incident Response, Production Control, and Operations to her responsibilities, which is a little bit of back to the future for her, as she started her journey on the Help Desk and in Professional Services prior to making the move into the security field.
- Andy Olpin
Sr. Solutions Engineer, Lookout
Andy is a seasoned cybersecurity professional with more than 20 years in the field. At the Walt Disney Company, Andy was a compliance and security architect, managing solutions for Disney's broad portfolio of businesses. He moved on to be a solutions architect for MobileIron and now Lookout, where he has been for the past five years.
- David Monnier
Chief Evangelist, Team Cymru
David has been with Team Cymru since 2007. Prior, he served in the U.S. Marine Corps as a Non-Commissioned Officer. He then worked at Indiana University where he helped to build some of the most powerful computational systems of their day. He transitioned to cybersecurity and helped launch the Research and Education Networking ISAC. At Team Cymru, he has been an engineering leader, a Community Services team member, and a security analyst. David led efforts to secure the firm's intelligence infrastructure and established processes the firm relies on today. Currently, David assists CSIRT teams worldwide and fosters data sharing partnerships.
- Davin Darnt
CISO, Americas, Louis Vuitton
With a dynamic career spanning 20 years, including seven years at prestigious luxury retail company Louis Vuitton, Davin Darnt currently excels as the Chief Information Security Officer (CISO) for the Americas region. His journey in the company has been marked by significant leadership roles, including Head of IT Operations and Head of Technical Projects, where he honed his expertise in steering complex IT initiatives and strategies.
In his current role as CISO, Davin is at the forefront of defining and implementing robust security protocols, safeguarding the company's digital assets against evolving cyber threats. His approach combines cutting-edge technology with a deep understanding of the unique challenges in the luxury retail sector, ensuring both resilience and compliance.
Previously, Davin has led diverse, high-performing teams across Service Delivery, Systems Engineering, Digital Workplace and Mobile & Collaborative technologies. His leadership style is deeply influenced by his time in the United States Marine Corps (USMC), where he developed an ethos of discipline, adaptability, and unwavering commitment to excellence. He holds multiple certifications including CISSP, CCSP & CSM designations.
Davin's ability to navigate the complex intersection of technology, security, and luxury retail has not only driven operational efficiencies but has also significantly contributed to the company's reputation for innovation and customer trust. His visionary leadership continues to be a pivotal asset in the company's ongoing success and digital transformation journey.
- Afzal Khan
Global CISO, OPKO Health, Inc.
Afzal Khan is a distinguished leader in the field of technology security and risk management, bringing over 26 years of expertise to his role. Currently serving at OPKO, he provides strategic direction and guidance on technology risk management, IT, OT, and cybersecurity, ensuring compliance with IT regulatory standards across domestic and international entities. Afzal's extensive experience includes notable positions such as the Global Head of IT Security, Risk Management & Compliance at Everest Reinsurance, where he led critical projects and built robust organizational teams. He holds 7 security and risk management certifications, including CISSP, CISA, and CRISC, underscoring his deep knowledge in the field. Afzal is renowned for his visionary approach, aiming to establish a secure technology platform aligned with business objectives, emphasizing a business-focused and risk-based approach to security decisions. His dedication to operational excellence and adaptability in the face of disruptive technologies have made him a trusted leader in the industry.
- Jordan Fischer, Moderator
Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes