SecureWorld New York City 2024

Senior Cyber Security, Technology Risk and Audit Professional with over 18 years of result-oriented experience in financial services and manufacturing focused on Cyber Security, Technology Risk Management, Third Party Risk Management and IT Audits. Problem solver with proven ability for team building, process enhancements, professional mentoring and enhance team value to the business. Cyber Security thought leader and speaker at CISO/Security Conferences.

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

Vlad Brodsky serves as the Senior Vice President, Chief Information Officer, and Chief Information Security Officer at OTC Markets Group, a regulated publicly traded financial institution that operates the world’s largest OTC equity electronic marketplace. In this role, Vlad leads the firm's information security strategy, program, and processes, while also overseeing IT operations and infrastructure. With expertise in Information Security, Risk Management, IT Infrastructure Management, and Financial Services, Vlad brings a wealth of knowledge to the organization. Additionally, Vlad is an Advisor at Pellonium, a continuous and comprehensive Risk Management Platform.

Arlenee Lopez-Ferguson is a dynamic cybersecurity professional with proven expertise in strategizing, developing, and leading change across organizations.

She is currently the Chief Information Security Officer at Pendulum Holdings, LLC, a strategic investment and advisory platform that seeks to accelerate opportunity and value creation for founders and leaders of color. Prior to Pendulum, she served as the CISO and Compliance Administration Manager at Summit Trail Advisors, LLC, a Registered Investment Advisory firm. At Summit Trail, Ms. Lopez-Ferguson was responsible for the governance and oversight of the compliance and cybersecurity programs including the development, implementation, and enforcement of the firm's policies and procedures. Further, in 2010, she acted as the Chief of Staff to the Chief Operating Officer of Barclays Wealth, and Secretary to the Global Wealth Investment Committee. She earned a BA in Criminal Justice from John Jay College and, most recently, a Certificate of Cyber Security Risk Management from Harvard.

Beyond her professional achievements, Arlenee embraces her roles as a wife and proud "boy mom" of two. As a New Yorker, she is passionate about giving back to her often-underserved community. She is an avid mentor, dedicating much of her free time to guiding and supporting young women aspiring to enter the financial, tech, legal, and compliance fields.

Matthew Webster's IT and cybersecurity journey began in 1997, quickly rising through the ranks at a university computer center. Soon, he was navigating federal cybersecurity at the Center for Medicare and Medicaid Services, mastering frameworks like NIST SP 800-53 and IRS 1075. This rigorous environment, with up to 8 audits annually, prepared him for his first CISO role at Healthix, where he built the cybersecurity program from the ground up, using frameworks like SOC 2 and HITRUST to protect millions of records.

Matthew holds a Master's degree and more than 20 industry certifications, including CISSP, CISA, and CRISC. He stays up-to-date by attending key industry events like RSA and HIMSS, ensuring he’s well-versed in the latest threats and solutions.

In addition to his CISO roles, he spent years in cybersecurity sales, gaining invaluable insights from evaluating hundreds of products. This unique experience gives him a sharp understanding of both organizational needs and the capabilities of cutting-edge security tools.

Matthew bridges the gap between innovation and regulation, bringing a balanced and insightful approach to building secure, compliant programs and implementing advanced solutions.

Senior professional with broad experience designing, building and securing high-availability mission critical infrastructures for the infosec, financial services, energy, healthcare, travel, media and retail sectors.

Afzal Khan is a distinguished leader in the field of technology security and risk management, bringing over 26 years of expertise to his role. Currently serving at OPKO, he provides strategic direction and guidance on technology risk management, IT, OT, and cybersecurity, ensuring compliance with IT regulatory standards across domestic and international entities. Afzal's extensive experience includes notable positions such as the Global Head of IT Security, Risk Management & Compliance at Everest Reinsurance, where he led critical projects and built robust organizational teams. He holds 7 security and risk management certifications, including CISSP, CISA, and CRISC, underscoring his deep knowledge in the field. Afzal is renowned for his visionary approach, aiming to establish a secure technology platform aligned with business objectives, emphasizing a business-focused and risk-based approach to security decisions. His dedication to operational excellence and adaptability in the face of disruptive technologies have made him a trusted leader in the industry.

Dimitri McKay is a Principal Security Strategist and CISO Advisor for Splunk with 20+ years of infosec experience, ranging from penetration testing, vulnerability assessment work, security program creation and maturation. His role today focuses on all aspects of Security: people, process and technology, and has a breadth of knowledge built upon years of customer engagements in the Fortune 500. Dimitri McKay has held a list of positions in the security space through his twenty-five plus years of working with Fortune 500 companies in and around security best practices, program maturity and design. His education began at Harvard University and continued with a number of acronymed certifications. He is an avid public speaker, author and proponent for security best practices, compliance and risk reduction. Currently he’s a Principal Security Strategist for Splunk. Prior to that he did penetration testing and vulnerability assessment consulting work. You can follow Dimitri on X (Twitter) @Dimitri McKay

Mario has 20+ years of experience as a security professional working in the tech, retail, health care, and financial sectors. He has built and managed security teams and developed and implemented security programs for private and public organizations. He serves as an advisory board member at several cybersecurity companies as well as an investor for early stage startups in the cybersecurity space.

Danny Manimbo is a Principal with Schellman based in Denver, Colorado. As a member of Schellman’s West Coast / Mountain region management team, Danny is primarily responsible for leading Schellman's AI and ISO practices as well as the development and oversight of Schellman's attestation services. Danny has been with Schellman for 10 years and has over 13 years of experience in providing information security and data privacy audit and compliance services. Danny has achieved the following certifications relevant to the fields of accounting, auditing, and information systems security and privacy: • Certified Public Accountant (CPA) • Certified Information Systems Security Professional (CISSP) • Certified Information Systems Auditor (CISA) • Certified Internal Auditor (CIA) • Certificate of Cloud Security Knowledge (CCSK) • Certified Information Privacy Professional – United States (CIPP/US)

Josh Tomkiel is a Managing Director on Schellman’s Penetration Testing Team based in the Greater Philadelphia area with over a decade of experience within the Information Security field. He has a deep background in all facets of penetration testing and works closely with all of Schellman's service lines to ensure that any penetration testing requirements are met. Having been a penetration tester himself, he knows what it takes to have a successful assessment. Additionally, Josh understands the importance of a positive client experience and takes great care to ensure that expectations are not only met but exceeded.

Howard Goodman, with a distinguished career spanning two decades, has emerged as a pivotal figure in cybersecurity, seamlessly integrating strategic planning with hands-on cybersecurity applications across numerous sectors. His significant contributions to organizations like Skybox Security highlight his prowess in navigating through the intricate realms of cybersecurity. A U.S. Navy veteran and holder of a Ph.D. in Cyber Operations, specializing in meticulously formulating and implementing security strategies.

Throughout his journey, he has consistently demonstrated a steadfast ability to deliver tangible results, adeptly crafting strategies while precisely evaluating the risks, issues, and benefits of long-term initiatives. His unique talent lies in skillfully communicating complex technical concepts to both senior executives and non-technical stakeholders, ensuring a thorough understanding of the projects and strategies under his leadership. Dr. Goodman's trajectory in the field reveals a leader who not only navigates through the complexities of the digital and cybersecurity domain but also stands as a reliable guide, ensuring strategic and secure operations in all his endeavors.

Morphisec CTO Michael Gorelik leads the malware research operation and sets technology strategy. He has extensive experience in the software industry and leading diverse cybersecurity software development projects. Prior to Morphisec, Michael was VP of R&D at MotionLogic GmbH, and previously served in senior leadership positions at Deutsche Telekom Labs. Michael has extensive experience as a red teamer, reverse engineer, and contributor to the MITRE CVE database. He has worked extensively with the FBI and US Department of Homeland Security on countering global cybercrime. Michael is a noted speaker, having presented at multiple industry conferences, such as SANS, Gartner, DefCon, RSA, and GovWare. Michael holds BSc and MSc degrees from the Computer Science department at Ben-Gurion University, focusing on sychronization in different OS architectures. He also jointly holds seven patents in the IT space.

With over eight years of experience at Netwrix, Dan McLaughlin currently serves as the Solutions Engineering Team Lead, where he leverages his extensive knowledge in Data, Identity, and Infrastructure. Prior to this role, Dan honed his skills in post-sales and product management, ensuring that clients achieve optimal security solutions tailored to their needs. Passionate about safeguarding data and enhancing security practices, Dan is committed to driving innovation and excellence in the field of cybersecurity.

Paul has more than 30 years of experience working in the Information Security space including 8 years with the US Air Force. Paul was a principal at Digital Signature Trust back in the 90’s working on Public Key Cryptography utilizing Hardware Security Modules to create Root certificates for the Browsers for trusted Root Certificates including the first Entrust Root Certificate to be published in a browser. His experiences have led him to be a knowledgeable and experienced Trusted Security advisor for many fortune 500 customers over the years.

Arlenee Lopez-Ferguson is a dynamic cybersecurity professional with proven expertise in strategizing, developing, and leading change across organizations.

She is currently the Chief Information Security Officer at Pendulum Holdings, LLC, a strategic investment and advisory platform that seeks to accelerate opportunity and value creation for founders and leaders of color. Prior to Pendulum, she served as the CISO and Compliance Administration Manager at Summit Trail Advisors, LLC, a Registered Investment Advisory firm. At Summit Trail, Ms. Lopez-Ferguson was responsible for the governance and oversight of the compliance and cybersecurity programs including the development, implementation, and enforcement of the firm's policies and procedures. Further, in 2010, she acted as the Chief of Staff to the Chief Operating Officer of Barclays Wealth, and Secretary to the Global Wealth Investment Committee. She earned a BA in Criminal Justice from John Jay College and, most recently, a Certificate of Cyber Security Risk Management from Harvard.

Beyond her professional achievements, Arlenee embraces her roles as a wife and proud "boy mom" of two. As a New Yorker, she is passionate about giving back to her often-underserved community. She is an avid mentor, dedicating much of her free time to guiding and supporting young women aspiring to enter the financial, tech, legal, and compliance fields.

John P. Durkin is the Regional Director for Region 2 within the Cybersecurity and Infrastructure Security Agency (CISA), where he leads the effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure for New York, New Jersey, Puerto Rico, and the U.S. Virgin Islands. Prior to this position, he was CISA’s Chief of Protective Security for Region 2 and a Protective Security Advisor assigned to New York City.

Before joining CISA, Mr. Durkin served as the Supervisory Air Marshal in Charge of the Newark Field Office of the Federal Air Marshal Service for six years, where he was named SAIC of the year in 2015. Mr. Durkin is a 24-year veteran of the New York City
Police Department, where he spent most of his career in the Emergency Service Unit of the Special Operations Division and retired as a Deputy Inspector in command of the Aviation Unit. Other assignments during his tenure at NYPD included Commanding Officer of the Intelligence Division’s Protective Intelligence Unit and of the Threat Assessment Unit.

Mr. Durkin holds a Bachelor of Science degree in Criminal Justice from the State University of New York, a Certificate in Police Management from the Columbia University Graduate School of Business, and a Master of Science degree in Homeland Security Management from Long Island University. He is a contributing author to “Leadership in Dangerous Situations,” a textbook used by cadets at the United States Military Academy, and to “Only as Strong as Its Weakest Link: Resilience of the Healthcare Supply Chain in New York,” for Homeland Security Today, which outlined the findings of the New York City Healthcare Regional Resiliency Assessment Project. Mr. Durkin is a retired U.S. Army Reserve Intelligence Officer, a veteran of Operations Iraqi and
Enduring Freedom, and served at the tactical, combatant command, and strategic levels.

Meet Dillon White, a Solutions Engineering whiz and the driving force behind sales engineering at KMicro Tech. With a knack for hybrid cloud solutions and services, Dillon combines his extensive industry experience with a dash of innovation to spark business growth. Before diving into the tech world, Dillon served eight impactful years in the United States Coast Guard, adding a unique perspective to his expertise.
From cybersecurity to Microsoft Dynamics 365, Azure, and Modern Work, Dillon has seen it all. He's your go-to guide for digital transformation, helping businesses—big and small, retail and federal—navigate the tech maze and come out on top. His strategic insights and customer-first approach have consistently empowered organizations to hit new heights.

Or Shoshani is the co-founder and CEO of Stream Security. After serving in an elite IDF cyber unit, Or founded a startup that was acquired by NVIDIA, where it played a key role in advancing AI technology security.
Today, Or leads Stream Security, a leader in cloud detection and response. His vision drives the company's mission to help security teams gain real-time capabilities into the cloud attack surface, enabling them to outpace the adversary.

Following an 18 year career in software design, development, leadership, and architecture, Erik Klein embarked on a 7 year journey (2007 - 2014) as a pre-sales engineer to evangelize, help develop, and help mature the value of first generation software security tools (SAST, DAST) from obscurity to dominance in order to begin the process of hardening software. From 2014 - 2021, he repeated this process with the second generation of software security tools (IAST, RASP, SCA) to bring far more accurate and actionable security findings to prevention and incidence response teams. Currently in his role as Director of Americas Security Solution Engineering at Dynatrace, Erik and his team bring highly accurate and contextually aware security findings using IAST, RASP, Runtime SCA, Security investigation, and other capabilities to the security masses without the need to scan or install agents by activating security features, at-scale in production, within existing observability solutions.

Todd has been providing IT services nationally for over 25 years and draws inspiration and insight from participation in a wide range of executive boards and industry associations. He has an extensive background in strategic planning and implementation of business technology solutions, and founded his firm Envision Technology Advisors. As a presenter, Todd speaks throughout the country on a variety of technology and business topics including: Modern Workplace, Digital Transformation, Cybersecurity, and Evolving Digital Culture to fit the Modern Workforce.

In his free time, Todd works with several non-profits and is also an avid sailor, wood worker, and scuba diver.

Micah McCutchan is Managing Director at PinnacleOne, SentinelOne’s strategic advisory service, where he helps large companies in the critical infrastructure value chain leverage geopolitical intelligence to enhance their digital security and resilience strategies. Prior to this, Micah was President and Chief Operating Officer of the Krebs Stamos Group, following his role at Argonne National Laboratory, where he advised the Cybersecurity and Infrastructure Security Agency (CISA) on national resilience and risk management related to natural disasters, terrorism, and cybersecurity for critical infrastructure. A serial entrepreneur with 20 years of experience in security risk management, Micah has successfully led the growth, operation, and sale of two high-profile advisory firms over the past decade. He lives in the Washington, D.C. area with his wife and two children.

Afzal Khan is a distinguished leader in the field of technology security and risk management, bringing over 26 years of expertise to his role. Currently serving at OPKO, he provides strategic direction and guidance on technology risk management, IT, OT, and cybersecurity, ensuring compliance with IT regulatory standards across domestic and international entities. Afzal's extensive experience includes notable positions such as the Global Head of IT Security, Risk Management & Compliance at Everest Reinsurance, where he led critical projects and built robust organizational teams. He holds 7 security and risk management certifications, including CISSP, CISA, and CRISC, underscoring his deep knowledge in the field. Afzal is renowned for his visionary approach, aiming to establish a secure technology platform aligned with business objectives, emphasizing a business-focused and risk-based approach to security decisions. His dedication to operational excellence and adaptability in the face of disruptive technologies have made him a trusted leader in the industry.

Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.

As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.

Allan Reyes is a Staff Security Engineer at Vanta, leading application security, cloud security, and detection and response. Allan built several programs and initiatives at Vanta, including the product security, static analysis, and sensitive log filtering programs. He has a decade of experience working in software, security, and reliability, working at startups like Robinhood and Udacity. He was previously a United States Army paratrooper and a veteran of the wars in Iraq and Afghanistan. Allan holds a B.S. in Mechanical Engineering from MIT and M.S. degrees in Computer Science, Analytics, and Cybersecurity from Georgia Tech.

Niv Goldenberg is an experienced product leader with more than 20 years of technology leadership experience in cybersecurity in startups, enterprises and the IDF. Niv is the Chief Product Officer and co-founder of Linx Security. Prior to Linx, Niv was the VP of Product for Transmit Security, the head of product and group product manager of Microsoft Cloud App Security, and led multi-million dollar projects at the IDF and later for Fortune 500 companies. Niv is a graduate of the elite Talpiot military academy, holds a M.Sc. in Electronic Engineering from the Tel Aviv University, and a B.Sc. in Physics and Math Science from the Hebrew University.

With more than two decades of experience in the cybersecurity field, I possess a unique blend of sales soft skills and deep technical acumen, making me a well-rounded individual who is at ease working in both technical and non-technical environments. My keen understanding of the cyber threat landscape allows me to communicate potential threats and vulnerabilities, as well as complex security issues and possible countermeasures, to any audience with ease.

Currently, my focus is on developing innovative ways to advance the state of the art in cyber threat intelligence, while managing a team of researchers and engineers. Our goal is to identify new attack vectors and develop proactive intelligence to protect against them. To help me achieve this mission, I am driving our partnership with MITRE CTID and participating in projects that are augmenting the state of the art when it comes to threat intelligence standards, tools, and response. We are also deploying these tools and standards across Fortinet's products and systems.

My vast experience, technical expertise, and communication skills have enabled me to excel in the cybersecurity industry, and I look forward to continuing to drive innovation and progress in this field.

Alpesh is an information security leader with a comprehensive background in cyber security architecture, cloud security, service delivery, physical and IoT security. With more than fifteen years of experience and expertise in requirements gathering, development of complex cyber security solutions, testing, production support, project management, pre-sales engineering, process re-engineering and implementation over different industries has helped enabling business objectives and reduce operational risk.

Alpesh has a unique strength of identifying gaps in security infrastructure and correlate those gaps with business objectives and develop necessary technical and administrative solutions. Alpesh works with companies in all industry verticals that has simple to very complex environments.

As a Cyber Security Practice Director, Alpesh is responsible for developing Go-To-Market (GTM) solutions and set the vision and direction for company's cyber security solutions strategy. Alpesh is responsible for defining the revenue target and achieve the set business goals. Alpesh works very closely with business & technical executives, legal group and balances the expectations & priorities between them.

As a Solutions Architect Manager Alpesh is responsible for managing the team of solution architects. Alpesh is responsible for planning, developing and managing roles and responsibilities for his team to provide a high standard services to the customers.

The passion and obsession for the information security encouraged Alpesh to obtain several technical and business level certifications like CISSP, CISM, CEH, CHP, Security+ and ITILv3 to comprehend his knowledge and display his commitment, skills and ability.

Senior Cyber Security, Technology Risk and Audit Professional with over 18 years of result-oriented experience in financial services and manufacturing focused on Cyber Security, Technology Risk Management, Third Party Risk Management and IT Audits. Problem solver with proven ability for team building, process enhancements, professional mentoring and enhance team value to the business. Cyber Security thought leader and speaker at CISO/Security Conferences.

Paul has more than 30 years of experience working in the Information Security space including 8 years with the US Air Force. Paul was a principal at Digital Signature Trust back in the 90’s working on Public Key Cryptography utilizing Hardware Security Modules to create Root certificates for the Browsers for trusted Root Certificates including the first Entrust Root Certificate to be published in a browser. His experiences have led him to be a knowledgeable and experienced Trusted Security advisor for many fortune 500 customers over the years.

Henry is a seasoned executive with over 20 years of experience in IT and cybersecurity. With a strong vision for disruptive technologies, he has extensive hands-on experience and is a champion for businesses that prioritize risk management. He is able to define and develop KPIs and KRIs to communicate the effectiveness of the cybersecurity program with all reporting levels and report regularly to executive committees and regulatory bodies.

As an expert in information security and technology risk, he excels in identifying and clarifying risks and leading remediation efforts. He is a creative problem solver and strategic decision-maker, capable of leading and directing teams in fast-paced environments. He is an empowering leader who trains and guides my team members to achieve their full potential.

He is involved with the cybersecurity community and loves to contribute, active as a public speaker, author, and mentor. His technical core competencies include proficiency in the domains of cybersecurity frameworks and industry standards, security engineering, and operations, risk assessment, physical security, and secure software development. He is familiar with a wide range of cybersecurity controls, including SIEM, network and system security, identify management such as IAM and PAM, end-point security, DDoS remediation, cyber intelligence information sharing, cloud security, and much more.

Titus Bickel, CISSP, is Information Security's Global head of Cyber Training & Awareness. Titus manages firm-wide messaging of security policies and guidlines and offers annual compliance, virtual, and micro-trainings covering numerous security topics. Prior to his position with BlackRock, Titus produced intelligence and risk assessments for the US government and top fortune 500 companies in his roles with DoD, DHS, and the Analysis and Resilience Center (ARC). Titus’ work has been briefed to top USG and private sector CISOs, CEOs, and the US President on numerous occasions. Titus earned a master’s degree in International Relations from Washington University in St. Louis and majored in Intelligence/Security, with minors in Arabic and Political Science while studying at The Ohio State University.

Adam Mullins is a valued member of the Cyber Administration team at BlackRock, where he applies his educational expertise to the realm of cybersecurity. His responsibilities include crafting annual compliance trainings and micro-trainings on a variety of security topics, drawing on his background in education to enhance the organization's cybersecurity measures.

Before joining BlackRock, Adam's career spanned roles as an instructional designer and project manager, contributing to sectors such as cloud computing, logistics, and global professional services. His academic achievements include a master’s degree in Instructional Technology, which informs his approach to designing effective security training programs.

John Brennan is the Managing Partner of Holly Ventures, a seed stage venture capital fund that exclusively invests in and supports cybersecurity entrepreneurs at their earliest stages. John has invested in over twenty security startups, with a focus on supporting founders from day one. Having previously served as a Senior Partner at YL Ventures, John's past portfolio work includes Axonius, Orca Security, Medigate, Hunters, Cycode, Vulcan Cyber, Spera, and many others. John holds an MBA from the University of Chicago and a Bachelor of Science from Trinity College in Connecticut.

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.