- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, July 29, 20208:00 amExecutive Roundtable [VIP invite only]Discussion topic: NOW What Are You Including in Your Incident Response Plan?Executive Director, Americas Region, CRESTRegistration Level:
8:00 am - 8:45 am
- VIP / Exclusive
This session is for Advisory Council members only.
The current global threat landscape has shifted dramatically in the past several months due to the COVID-19 pandemic. Security professionals are being tasked with keeping the company’s data safe with an influx of remote workers that we’ve never had to account for. Inevitably something is going to happen. An incident WILL arise. You may have had a great plan in the past, and you probably continuously tested it. But have you tested it now that the IT and InfoSec departments are separated and the employees are everywhere? In either case, it’s time to reevaluate your Incident Response plan to accommodate for this unprecedented shift.8:30 amExhibitor Hall openRegistration Level:
8:30 am - 9:00 amLocation / Room: Exhibitor Floor
- Open Sessions
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.9:00 am[Opening Keynote] CISO Panel: What Our Security Team Learned Going Through COVID-19Board President, WiCyS Delaware Valley AffiliateCISO, ChristianaCare Health SystemExecutive VP & CISO, Radian GroupCISO, CovantaRegistration Level:
9:00 am - 9:45 am
- Open Sessions
This panel features honest dialogue about securing an organization through the pandemic, so far. What changed at an organizational level that required security to pivot? What kind of immediate impacts did the security team face and how were those overcome? How did security maintain adequate communication and controls in the midst of this rapid change? What are the greatest lessons for security coming out of COVID-19? Where do we go from here?9:45 amNetworking BreakRegistration Level:
9:45 am - 10:00 amLocation / Room: Exhibitor Floor10:00 amIncident Response in a Work from Home WorldRegistration Level:
- Open Sessions
10:00 am - 10:30 am
- Open Sessions
Chris Shull, vCISO of Salem Medical Center and long-time Information Security consultant, will talk about how incident response has changed when so many people are working from home, so you’re ready for when it happens to you.
This presentation will highlight the most critical preparations companies need to ensure they are up to the challenges of an incident when everyone is WFH.
- How can you preparing to detect and respond to incidents using the 1-10-60 rule?
- Who do you need to include in your Incident Response Team?
- How do you prepare your IR Team for the incidents and breaches?
- How do you prioritize between different kinds of incidents?
- What to do if you can’t get interest, attention or resources?
Common-sense processes and best-practices (to the extent they are known) will be discussed.
Who should attend:
Professionals looking to grow, build or enhance their organization’s readiness to respond to and handle cyber incidents.10:00 amChanging Cyber Landscapes: The Battle of AlgorithmsRegistration Level:
10:00 am - 10:30 am
- Open Sessions
Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyberattacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyberattacks leveraged at scale. To protect against offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
In this session, learn about:
• Paradigm shifts in the cyber landscape
• Advancements in offensive AI attack techniques
• The Immune System Approach to cyber security and defensive
• Autonomous Response capabilities
• Real-world examples of emerging threats that were stopped with Cyber AI
GENERAL (InfoSec best practices, trends, solutions, etc.)10:00 am[Panel] Humanizing Cybersecurity in an All Virtual WorldDirector of Product Marketing Management, GigamonChief Security Strategist, Tenable, Inc.Global Security Strategist, Check Point Software TechnologiesSr. Sales Engineer, NetskopeRegional Sales Manager and Account Executive, AccessIT GroupRegistration Level:
10:00 am - 10:30 am
- Open Sessions
With the current business landscape upon us, personal business relationships and technology are at a bypass. Connecting cybersecurity initiatives with customers, clients, and partners in a remote world has never been so challenging. In this discussion, we will tackle questions like: How do we connect with customers in a digital world? What can we do to strengthen relationships with the tools available? How can we increase efficiencies and keep current customers happy with limited resources? How do we maintain, strengthen, and foster relationships in an increasingly impersonal business climate.
Join us for this exclusive, featured session brought to you by AccessIT and partners.10:00 amNew Remote Workforce: Privacy and Security Risks and MitigationsRegistration Level:
10:00 am - 10:30 amLocation / Room: 103
- Open Sessions
The sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.10:30 amNetworking BreakRegistration Level:
10:30 am - 10:45 am10:45 amInsider Threats: A Multi-Pronged Approach to Protecting Your OrganizationRegistration Level:
- Open Sessions
10:45 am - 11:15 am
- Open Sessions
Insider threats are a real danger and cannot be overlooked. While deploying the latest secure system to fight against cyber threats is a decent strategy, you must also implement an effective insider threat system for an overall cybersecurity solution. An insider threat program cannot be brought off the shelf, but is a continuous process to identify and detect an incident as it occurs.
Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)10:45 am[Panel] Women & Cyber: An Insider's Guide to Building a Successful NetworkDevSecOps Engineering Coach, ComcastIT Security and Risk Manager, Chatham FinancialDigital Forensic Examiner, TransPerfect Legal SolutionsRegistration Level:
10:45 am - 11:15 am
- Open Sessions
Join Philadelphia Women & Cyber Security for a panel discussion with some of our board members, where we will discuss how to build a successful network and why it is important in this industry to have strong mentors. Q&A to follow.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions)10:45 amProtecting You from You in the Public CloudRegistration Level:
10:45 am - 11:15 am
- Open Sessions
Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility indisputable. However, the number of services and options being offered is daunting. And, with these choices come consequences; one misconfiguration can put your entire organization at risk… or worse.
Another reality you will face as you scale is the challenge of using a “one-size-fits-all”’ interface. Imagine scrolling through lists of assets when the numbers are in the hundreds or even thousands. Just imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.
And, if you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.
In this session, you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says, “Through 2023, at least 99% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.10:45 amSecurity for, from, and with Machine Learning and Artificial Intelligence TechnologiesRegistration Level:
10:45 am - 11:15 am
- Open Sessions
As companies look to increase their operational efficiencies and competitive advantage, many are turning to machine learning (ML) and artificial intelligence (AI) to make better decisions faster. With this shift comes new challenges for businesses and security professionals to ensure these technologies remain effective, safe, unbiased, and ethical. Additionally, as AI and ML become more accessible to the masses, there is a growing risk that these technologies could be leveraged to launch sophisticated attacks. In this presentation, we will explore emerging threats related to AI and ML, as well as how security leaders can utilize these emerging technologies to better defend their organizations and respond to sophisticated attacks.
Presentation Level: MANAGERIAL (security and business leaders)11:15 amNetworking BreakRegistration Level:
11:15 am - 11:30 am11:30 am[Mid-Day Keynote] Courting the Cloud: It's Time for a CommitmentRegistration Level:
- Open Sessions
11:30 am - 12:15 pm
- Open Sessions
What is your commitment to the Cloud? Find out where you are and where you’re headed, as Mike Lopez walks you through the five stages of your relationship with the Cloud and helps you start/solidify the process towards commitment.
Director of Cloud Services at AccessIT Group, Mike Lopez has a history of designing cloud architecture with a security focused approach for government and fortune 500 clients. He has worked with private and public cloud environments including AWS, Azure, Oracle and Google Cloud. Because of his mixed background, he bridges the traditional gap between security and development teams, helping them work together in the cloud journey.
Where are you in your relationship with Cloud? AccessIT can give you a complimentary assessment of your current state against Best Practices, CIS benchmarks, or even compliance (HIPPA, PCI, etc.) with the use of our automated tools and provide you a report on how your environment measures up. To request your free security assessment, email: firstname.lastname@example.org and mention SecureWorld in your email!12:15 pmNetworking BreakRegistration Level:
12:15 pm - 12:30 pm12:30 pmCloud Security Career Planning and CertificationRegistration Level:
- Open Sessions
12:30 pm - 1:00 pm
- Open Sessions
Do you cringe when you hear the word ‘Cloud’? Is your security team trying to catch up with the SaaS, PaaS, IaaS platforms your IT and business already started to use? Do you want to jump on the cloud bandwagon (or copter) but don’t know where to start? Then join this discovery session.12:30 pmHow Deception Technology Works to Level the Playing FieldRegistration Level:
12:30 pm - 1:00 pm
- Open Sessions
The greatest threat to an enterprise is the length of time it takes to uncover an attack and then discover what has breached. Deception Technology provides a unique way to find, identify and enable a quick response to hacking without delays. This technology provides an early warning system that can function at multiple levels to serve as a sophisticated trip wire, which helps mitigate or prevent theft of data and associated damage. Discover how using this technology allows the tables to be turned on the attackers, so that they can be watched, their behavior analyzed and their targets identified.
Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)12:30 pmVIPR Report: The Verizon Incident Preparedness and Response Report – Taming the Data BreachRegistration Level:
12:30 pm - 1:00 pm
- Open Sessions
Preparing for and responding to data breaches and cybersecurity incidents is never easy. It takes knowledge of your environment and its unique threats, effective teamwork, and just as importantly, a rigorous Incident Response (IR) Plan. The VIPR Report is a data and scenario-driven approach to incident preparedness and response; it’s based on three years of Verizon’s IR Plan readiness assessments, and our data breach simulation recommendations. John will present findings with the six phases of incident and in doing so, cover five data breach scenarios illustrating the need for that phase of an IR Plan and its underlying components.
GENERAL (InfoSec best practices, trends, solutions, etc.)12:30 pm[Panel] Addressing Weakness: Vulnerability ManagementDirector, MSSP and Channels, Americas, Digital ShadowsPrincipal Global Security Strategist, OktaSolutions Architect, ReliaQuestRegistration Level:
12:30 pm - 1:00 pm
- Open Sessions
NIST defines vulnerabilities as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” This panel will discuss current vulnerabilities and risk management through proper controls and best practices.1:00 pmNetworking BreakRegistration Level:
1:00 pm - 1:15 pm1:15 pmRansomware and Digital Extortion: Legal Issues and Practical ResponsesRegistration Level:
- Open Sessions
1:15 pm - 1:45 pm
- Open Sessions
Ransomware incidents increased sharply in 2019 due to organizations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.
This presentation will examine case studies of how ransomware is evolving, how organizations should prepare and respond to ransomware, and the legal issues surrounding payment of ransom demands, the compromise of sensitive information, and how to recover from an attack.
Presentation Level: MANAGERIAL (security and business leaders)1:15 pm[Panel] No Perimeter: Security in the CloudIdentity and Security Architect, InsightSr. Presales Systems Engineer, Arctic WolfCTO, RedSeal NetworksSr. Security Architect, AccessIT GroupCloud Security Architect, Trend MicroRegistration Level:
1:15 pm - 1:45 pm
- Open Sessions
Worldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.1:15 pmThe DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation BodyRegistration Level:
1:15 pm - 1:45 pm
- Open Sessions
To achieve better security across the US DIB supply chain, the DoD is developing the Cybersecurity Maturity Model Certification (CMMC). Companies will be required to acquire a CMMC Certification Level ranging from basic hygiene to “State-of-the-Art”. A required CMMC level will be contained in each contract and will be a “go/no-go decision”.
The model architects will present:
• The call to action for the development of CMMC
• A look at included sources and standards
• A detailed explanation of the maturity aspect of CMMC, both technical capability and process institutionalization
• A look at current references available to DIB contractors on CMMCPresentation Level: MANAGERIAL (security and business leaders)1:15 pm[Panel] Threat Landscape in Flux: Emerging ThreatsDirector, Security Operations, Delta RiskPrincipal Risk Management Architect, EurofinsM.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales UniversityVP, Corporate Privacy, and General Counsel, SpirionVP, Global Enterprise Solutions, BlackBerryRegistration Level:
1:15 pm - 1:45 pm
- Open Sessions
The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.1:45 pmNetworking BreakRegistration Level:
1:45 pm - 2:00 pmLocation / Room: Exhibitor Floor2:00 pm[Closing Keynote] People, Processes, and Tech Strategies: Recruit, Train, and Retain for Success!Registration Level:
- Open Sessions
2:00 pm - 2:45 pm
- Open Sessions
While most security teams leverage these key resources to reduce risk in our programs, how you leverage these resources will ultimately determine your effectiveness and success. Come join a leading security practitioner in a collaborative discussion on tips and landmines to avoid.
- AccessIT GroupBooth: https://www.engagez.net/accessitgroup
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Arctic Wolf NetworksBooth: https://www.engagez.net/arctic-wolf-networks
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- Armis, IncBooth: https://www.engagez.net/armis-nyc-phl
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- ASIS Greater PhiladelphiaBooth: N/A
ASIS International is the preeminent organization for security professionals, with more than 38,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests.
- BlackBerry CybersecurityBooth: https://www.engagez.net/blackberry-nyc-phl
BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.
- Check Point Software TechnologiesBooth: https://www.engagez.net/check-point-nycphl
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cloud Security Alliance Delaware Valley Chapter (CSA-DV)Booth: N/A
Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.OUR PURPOSE:
To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- Critical Infrastructure Association of America (CIAOA)Booth: N/AThe Critical Infrastructure Association of America, Inc. (CIAOA) is a 501(c)6 not for profit shining lights into the dark places of security.
Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. The nation’s critical infrastructure provides the essential services that underpin American society.
In order to succeed in our mission we need to:
- CRESTBooth: N/A
CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.
- CyberArk SoftwareBooth: https://www.engagez.net/cyberark
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- DarktraceBooth: https://www.engagez.net/ darktrace-nyc-phl
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- Delta RiskBooth: https://www.engagez.net/delta-risk
Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.
- DeSales University Cyber Security ProgramBooth: https://www.engagez.net/desales
DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.
- Digital ShadowsBooth: https://www.engagez.net/digital-shadows
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.
- Eurofins CybersecurityBooth: https://www.engagez.net/eurofins
Eurofins Scientific through its subsidiaries (hereinafter sometimes “Eurofins” or “the Group”) believes it is the world leader in food, environment and pharmaceutical products testing and in agroscience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, advanced material sciences and for supporting clinical studies. In addition, Eurofins is one of the key emerging players in specialty clinical diagnostic testing in Europe and the USA. With about 45,000 staff in more than 800 laboratories across 47 countries, Eurofins offers a portfolio of over 200,000 analytical methods for evaluating the safety, identity, composition, authenticity, origin and purity of biological substances and products, as well as for innovative clinical diagnostic. The Group objective is to provide its customers with high-quality services, accurate results on time and expert advice by its highly qualified staff.
- EC-CouncilBooth: N/A
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- ECTFBooth: N/A
As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.
- F5Booth: https://www.engagez.net/f5
F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends
- GigamonBooth: https://www.engagez.net/gigamon-sw
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- Gradient CyberBooth: https://www.engagez.net/gradient
We uniquely visualize an organization’s cybersecurity risks, reduce logs and alert noise to actionable insights and establish a cyber health roadmap for immediate value and long term improvements to its security posture.
- HTCIABooth: N/A
Investigators on the Leading Edge of Technology
The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.
- InfraGard New York MetroBooth: N/A
The New York City Metro InfraGard Members Alliance (NYM-IMA) is a local program of the INMA. The New York Metro InfraGard Chapter holds regular meetings and provides members with a forum for information sharing within a secure environment, while focusing on protecting the critical infrastructure of New York City and surrounding areas.
Member’s alliance are part of a national network of FBI-vetted volunteers who are critical infrastructure SME in one or more sectors. It provides a trusted forum for the real-time exchange of information, training and expertise related to the protection of critical infrastructure and key resources from both physical and cyber threats.
- Philadelphia InfraGard Members AllianceBooth: N/A
InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.
- InsightBooth: https://www.engagez.net/insight
Insight is a comprehensive solutions integrator that helps organizations transform technology, operations, and service delivery to meet challenges and future-proof the business. With a client-focused approach to delivery, we recommend the most appropriate solutions to drive digital transformation and modernization for innovation. As clients look for ways to optimize data for better business, empower speed and scale of service, and drive next-gen security, Insight delivers expertise that is grounded, unbiased, and refreshingly straightforward.
- ISACA New York Metropolitan ChapterBooth: N/A
Our Mission: As a leading ISACA chapter, our mission is to serve our membership by providing world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally. Today, ISACA is a worldwide organization with over 200 chapters and the New York Metropolitan Chapter has grown to be one of the largest ISACA chapters in the world.
Our Membership: The New York Metropolitan Chapter has over 3,800 members, from the information systems audit/assurance, information security, IT risk management, and governance professions. Our members represent a wide array of industries including financial services, accounting and consulting, legal services, education, entertainment, health care, retail, public utilities, and government/regulatory entities – and hold positions ranging from entry level staff to senior management.
- ISACA PhiladelphiaBooth: N/A
The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in the Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides, training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.
- ISC2Booth: N/A
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- (ISC)2 New YorkBooth: N/A
(ISC)² is based out of Palm Harbor, Florida and consists of over 80,000 members worldwide. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resource and educational programs to keep our members informed of the latest advances in technology and techniques.
Our members consist of (ISC)² credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area. Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats. Learn more about the benefits of becoming a Chapter Member, visit our Membershippage.
- ISSA Delaware ValleyBooth: N/A
Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”
- NetskopeBooth: https://www.engagez.net/netskope
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- OktaBooth: https://www.engagez.net/okta
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- <Optiv & TripwireBooth: https://www.engagez.net/optiv-tripwire-swvc
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise – risk mitigation – and builds out from there with strategy, infrastructure rationalization, operations optimization and ongoing measurement. Learn more at https://www.optiv.com.
Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s award-winning portfolio delivers top critical security controls, including asset discovery, secure configuration management, vulnerability management and log management. As the pioneers of file integrity monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations discover, minimize and monitor their attack surfaces. Learn more at https://www.tripwire.com.
- OWASPBooth: N/A
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- OWASP – New York CityBooth: N/A
OWASP Foundation is a 501(c)3 Not for Profit association with local and global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.
- PACTBooth: N/A
Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.
- Philadelphia Women in Cybersecurity GroupBooth: N/A
Women make up only 11% of the cyber security workforce. With such low representation, it is essential that we advocate for and assist women as they navigate through the cyber security industry.
Philadelphia Women & Cyber Security’s Mission:
To provide opportunities to advance careers for professionals in Cyber Security through education, mentoring, and networking. A Supportive community for women in cyber security that works to promote and encourage women to develop their careers. We are open to any support for our mission from any gender.
Come to the next Philadelphia Women and Cyber Security’s event to get to know other like-minded, female cyber security professionals in the area. We will discuss industry best practices, the latest security trends and solutions, and share lessons we’ve learned over the years.
- ProofpointBooth: https://www.engagez.net/proofpoint-nyc-phl
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Rapid7Booth: https://www.engagez.net/rapid7-nyc-phl
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- RedSealBooth: https://www.engagez.net/redseal-nyc-phl
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- ReliaQuestBooth: https://www.engagez.net/reliaquest-nyc-phl
ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, anytime of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.
- SailPointBooth: https://www.engagez.net/sailpoint
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- SpirionBooth: https://www.engagez.net/spirion
Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.
- SynopsysBooth: https://www.engagez.net/synopsys
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- TechTargetBooth: N/A
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TenableBooth: https://www.engagez.net/tenable
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- Trend MicroBooth: https://www.engagez.net/trend-micro-nyc-phl
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Women in CyberSecurity (WiCyS)Booth: N/A
Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.
- Tom BrennanExecutive Director, Americas Region, CREST
Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.
As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.
- Nancy Hunter, ModeratorBoard President, WiCyS Delaware Valley Affiliate
- Moderator: Anahi SantiagoCISO, ChristianaCare Health System
Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.
- Donna RossExecutive VP & CISO, Radian Group
Dynamic leader and board member demonstrating over 20 years of diverse risk, compliance, information security, technology, and operations experience within the manufacturing, insurance, banking, financial services, and retail sector. Adept in developing and implementing strategic technology and risk solutions, performing research and analysis to keep employer advised regarding emerging technologies and management of risk. Security and DEI evangelist.
- Tammy Klotz, ModeratorCISO, Covanta
Prior to Covanta, Tammy was responsible for the cybersecurity program at Versum Materials, which included Information Risk Management, Plant Cybersecurity, as well as IT Security, Risk & Compliance activities. She was with Versum since their start-up in October 2016 and was responsible for standing up all security services required for the new company as part of their spin-off from Air Products & Chemicals.
Prior to her role at Versum, Tammy worked at Air Products & Chemicals for 25 years in a variety of leadership roles. Highlights of her Air Products career include IT Communications, Service & Business Relationship Management, global leadership of multiple IT support teams and IT Audit Manager.
Tammy is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and is also Certified in Risk and Information Systems Control (CRISC). She is a Governing Body Member of the Philadelphia Chapter of Evanta, participates in Delaware Valley Cloud Security Alliance activities, and is involved with the Philadelphia Women & Cyber Security group. Tammy is also a 2019 Nominee for T.E.N Information Security Executive® of the Year.
- Chris ShullvCISO, Salem Medical Center
Chris Shull (CISSP, CIPP/E, CIPP/US, CIPM, FIP) is the vCISO for Salem Medical Center, vCISO and vDPO for several other organizations, and an Information Security and Privacy consultant and advisor.
With over 35 years in IT, information security, and privacy, Chris specializes in Keeping Information Security Simple so businesses can understand and manage their real-world risks. He has a B.A. in Economics and Mathematics from the University of Pennsylvania, and an M.A. in Operations and Information Management from the Wharton School.
In his free time, Chris is redecorating his office, gardening, trying to stay fit, volunteering on community non-profit boards, and reading science fiction, fantasy, and westerns. He is looking forward to us all getting past or on top of COVID-19 so he can resume playing and refereeing soccer, practicing Shotokan Karate and Jujitsu, and taking square dancing lessons.
- Will MishraCybersecurity Manager, Darktrace
Will Mishra is a Cyber Security Manager at Darktrace, the world’s leading machine learning company for cyber defense. He has worked extensively with clients across numerous industry verticals, from financial services to healthcare, helping them deploy Darktrace’s Enterprise Immune System, the only AI technology capable of detecting and autonomously responding to early-stage cyber-threats. Will graduated with a bachelor’s degree from Washington University in St. Louis and is based out of Darktrace’s New York, NY office.
- Martyn CrewDirector of Product Marketing Management, Gigamon
- Nathan WenzlerChief Security Strategist, Tenable, Inc.
Nathan Wenzler is the Chief Security Strategist at Tenable, the Cyber Exposure company. Nathan has over two decades of experience designing, implementing, and managing both technical and non-technical security solutions for IT and information security organizations. He has helped government agencies and Fortune 1000 companies alike build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security program.
Nathan brings his expertise in vulnerability management and Cyber Exposure to executives and security professionals around the globe in order to help them mature their security strategy, understand their cyber risk, and measurably improve their overall security posture.
- Eddie DoyleGlobal Security Strategist, Check Point Software Technologies
Eddie Doyle works with enterprise organizations, university think tanks and corporate leaders to articulate the complex subject of cyber security in an engaging manner, championing his customer’s initiatives to fruition and finding the holy grail of cyber security… making cyber a profit center for the business.
LinkedIn recognizes Eddie’s forté as a keynote speaker and livestreamer of cyber security strategy for the everyday user of technology. Leading Board discussions and attack/defense simulation, Eddie proudly works with executive on disaster recovery planning and holds a global revenue responsibility for a fortune 500 company.
- Jim MenkevichSr. Sales Engineer, Netskope
Jim Menkevich is an Information Security, Privacy, and Risk Management professional with 19+ years of experience. Through his career, he has led teams in Cybersecurity, Enterprise Architecture, Systems Integration, and Application Development. Jim specializes in applying methodologies, frameworks, and ideas outside of the intended domain, which generates new and fresh angles to address industry challenges. When he’s not working, Jim enjoys writing poetry, running, and spending time with his family. Jim served previously as the Director of Data Protection and Security Governance at Health Partners Plans in Philadelphia.
- Mark SpencerRegional Sales Manager and Account Executive, AccessIT Group
- Jordan Fischer, InstructorCyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.
Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.
- Phil CurranCISO & CPO, Cooper University Health Care
Phil Curran has more than 25 years of experience in information security and privacy in the military, government and private sectors. As the Chief Information Assurance Officer and Chief Privacy Officer at Cooper University Health Care in Camden NJ, he is responsible for managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, privacy and security investigations, business continuity, and awareness and training. He has served on the Health Information Trust Alliance (HITRUST) task force to integrate privacy controls in the Common Security Framework and the development of the ISC2 Health Care Information Security and Privacy Practitioner. Phil serves on the Executive Committee for Secure World – Philadelphia and the Philadelphia and New Jersey Chapters of the CISO Executive Network. He has spoken on Information Security and Privacy issues at Secure World and HIMSS Privacy and Security.
- Rosemary ChristianDevSecOps Engineering Coach, Comcast
Rosemary Christian is Co-President for WiCyS Critical Infrastructure and a Board Member for WiCyS Delaware Valley. She has demonstrated passion, knowledge and proven ability to engage others in the emerging market needs for cybersecurity initiatives. She leverages her experience, communications skills and interpersonal savvy across all levels to facilitate multiple security control systems, encryption and authentication protocols. She has a deep understanding of the importance of protection and maintenance of information and data security protocols in collaborative team environments. At Comcast as a DevSecOps Transformation Coach she fosters continuous improvement and sustained adoption of Secure Development Lifecycle practices.
- Christina GriffinIT Security and Risk Manager, Chatham Financial
Cybersecurity professional specializing in risk management and information security. She holds an MBA, a master’s in information technology leadership, and also has a CISSP certification. She has professional experience working in both higher education and finance industries and is currently employed as an IT Risk and Security Manager at Chatham Financial. As a member of the Philadelphia Women in Cybersecurity, she is currently on the board as the communications chair.
- Devon CampbellDigital Forensic Examiner, TransPerfect Legal Solutions
Devon Campbell is a Digital Forensic Examiner at TransPerfect Legal Solutions in the Forensic Technology and Consulting division. Devon has experience conducting forensic examinations of mobile devices, computers, social media data, cloud-based data, and email data. Prior to joining TransPerfect Legal Solutions, Devon earned her Master's degree in Digital Forensics from DeSales University, then went on to work as a Digital Forensic Examiner with the Philadelphia District Attorney’s Office and the Lehigh County District Attorney’s Office. In these roles, Devon actively analyzed and investigated digital devices of evidentiary value related to active investigations and cases held for court. Devon is considered an expert witness in matters relating to digital forensics. She has testified in numerous court cases involving digital evidence.Devon instructed various digital forensics courses at the graduate and undergraduate level at DeSales University. Now, Devon brings her experience to her role as a member of the TransPerfect Forensic Technology and Consulting team.
- Grant AsplundGrowth Technologies Evangelist, Check Point Software Technologies
For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.
- Joshua CloudDirector of Information Security, NFI
Joshua Cloud is currently serving as the director of information security for NFI. He has over 20 years of infrastructure and security leadership experience spanning professional services, manufacturing, retail, and logistics industries in countries all over the world. Cloud is a transformational security leader with a business focus who evangelizes the value of pragmatic cyber risk management and executive alignment. He currently leads a team of security professionals at the new NFI headquarters on the Camden, NJ, waterfront.
- Michael LopezDirector of Cloud Services, AccessIT Group
Mike Lopez, Director of Cloud Services at AccessIT Group, has a history of designing cloud architecture with a security focused approach for government and fortune 500 clients. He has worked with private and public cloud environments including AWS, Azure, Oracle, and Google Cloud. Mike leads AccessIT Group’s Cloud practice by helping its customers create strategies for their cloud adoption through a vendor agnostic holistic approach to cloud security. Because of his mixed background, he bridges the traditional gap between security and development teams, helping them work together in the cloud journey. Prior to his role at AccessIT Group, Mike was the Lead Consultant of Professional Services at Check Point Software Technologies and served as the subject matter expert for their cloud security products. As a cloud specialist, Mike is AWS and Azure certified and maintains Check Point CCSE and CCVSE certifications.
- Vana KhuranaSr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.
- Michael MeyerChief Risk and Innovation Officer, MRS BPO, LLC
Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.
- John GrimHead of Research, Development, Innovation, Verizon Threat Research Advisory Center
John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.
- Davitt J. PotterDirector, MSSP and Channels, Americas, Digital Shadows
Born and raised in the Black Hills of South Dakota, Davitt has over 25 years of experience in the OEM, VAR & MSSP channels realm. From starting as a field services engineer fresh from school at the South Dakota School of Mines and Technology, and eventually defining and managing IT operations and strategy for numerous companies in a CTO capacity, he has a deep understanding of how our increasingly technical sales need to be properly positioned and supported.Davitt has developed and implemented go-to-market strategies including technical and sales enablement which have increased top-line revenue growth and improved efficiencies within the teams and has also developed and managed post-sales & services programs. Still an avowed technologist, he is always looking for what’s coming around the corner next.
- Gurinder BhattiPrincipal Global Security Strategist, Okta
Gurinder Bhatti is a Principal Global Security Strategist for Okta's pre-sales field teams. In his current role, he works with both customers and prospects in helping them understand the value proposition of Identity as a security strategy. Prior to Okta, Gurinder was an AVP of Cyber Security engineering at Moody’s and implemented numerous security solutions, including O365, Okta, Splunk, and enterprise-wide device encryption. He has over two decades of experience in the cybersecurity practice having worked in FinTech and FinServ industries for organizations such as the New York Stock Exchange, Moody’s, and IHS Markit.
- Somer HernandezSolutions Architect, ReliaQuest
- Daniel PepperPartner, BakerHostetler
Dan Pepper is a partner on BakerHostetler's Privacy and Data Protection team. Utilizing 25 years of comprehensive experience in information technology, data privacy, and cybersecurity law, Dan advises clients on proactive data security practices, data breach incident response, and regulatory compliance. He frequently handles security incidents and has interacted with federal and state agencies and forensic service providers, overseen investigations, and designed post-incident response notification and remediation plans.
- Dean GrossIdentity and Security Architect, Insight
- John DaviesSr. Presales Systems Engineer, Arctic Wolf
- Mike LloydCTO, RedSeal Networks
Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.
Dr. Mike Lloyd holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.
- Brian RossmeislSr. Security Architect, AccessIT Group
- Andre AlvesCloud Security Architect, Trend Micro
Andre Alves has been helping companies to achieve safer environments for information exchange for over 10 years. Has always enjoyed tinkering with computers and being on the edge of new technologies, even back as a nerdy teenager in Brazil. Andre is a certified AWS Solutions Architect and Hybrid Cloud Security trainer.
- James GoepelTreasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body
James Goepel is Treasurer and Member, Board of Directors for the CMMC-AB. He is also an adjunct professor of Cybersecurity at Drexel University and CEO of Fathom Cyber, a trusted agent for senior management and developer of defensible cybersecurity strategies. Jim earned his BSECE from Drexel and his JD and LLM degrees from George Mason University. He worked in the IT and security industries for nearly two decades, including as a Network Administrator for the US House of Representatives and as a lawyer and technologist for a wide range of cybersecurity companies, including system developers, research institutions, and software vendors.
- Joseph AcostaDirector, Security Operations, Delta Risk
- Bob PachecoPrincipal Risk Management Architect, Eurofins
- Moderator: Joe WalshM.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
- Scott M. GiordanoVP, Corporate Privacy, and General Counsel, Spirion
Scott M. Giordano is an attorney with more than 25 years of legal, technology, and risk management consulting experience. IAPP Fellow, CISSP, CCSP, Scott is also former General Counsel at Spirion LLC, where he specialized in global data protection, tech, compliance, investigations, governance, and risk. Scott is a member of the bar in Washington state, California, and the District of Columbia.
- Thomas PaceVP, Global Enterprise Solutions, BlackBerry
Thomas Pace has an extensive background in building incident response programs, policies, procedures and playbooks at multiple top-tier organizations. Thomas has 11 years of security experience in various fields including physical security, intelligence gathering and analysis, sensitive site exploitation, incident response, intrusion analysis, and endpoint and network forensics. Thomas also has extensive experience in conducting assessments against various NIST special publications such as 800-53 and 800-171. Thomas is also currently an Adjunct Professor at Tulane University where he has developed a portion of the Homeland Security Studies program curriculum centered on cybersecurity. Thomas also currently provides guidance and expertise to the New Orleans cloud security community as the Louisiana Cloud Security Alliance Co-Chair.
Thomas served as a Senior Cybersecurity Engineer at Fluor Federal Petroleum Operations, a Department of Energy contractor supporting the Strategic Petroleum Reserve worth billions of dollars. In this role, Thomas was the lead incident response official and was responsible for ensuring all incidents were appropriately identified, contained and remediated in a timely manner and reported to proper authorities if necessary. Additionally, Thomas was responsible for conducting intrusion analysis and threat hunting on a daily basis to ensure the organization was not breached. While conducting a multitude of analyses based on intrusions and incidents, Thomas built a multitude of playbooks and processes so junior technical personnel could also conduct analyses in an efficient manner.
Thomas served in the United States Marine Corps as an infantryman and intelligence specialist. During this time, Thomas deployed to both Iraq and Afghanistan as part of the Marine Corps.
Thomas holds an M.S. in Information Science with a concentration in Information Assurance. Thomas also possesses multiple certifications such as GIAC GCIH, GCFA, GCIA, GICSP and GCWN. Thomas also is a Sourcefire certified professional, CISSP, and possesses CNSS 4011, 4012, 4013, 4014 and 4015.
- Mark Eggleston, CISSP, GSEC, CHPSCISO, CSC
Mark Eggleston is the chief information security officer (CISO) for CSC, responsible for the global security and privacy program design, operations and continual maturation. As a senior executive specializing in security and privacy program development and management, Mark’s unique background and expertise in information technology, program, and people management have positioned him as a thought leader and frequent industry speaker.
Mark started his career as a program manager and psychotherapist at a hospital serving children and adolescents. Later, Mr. Eggleston helped develop an internal compliance approach—complete with policies and tools—ensuring a geographically dispersed health care provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mr. Eggleston then transitioned to applying his HIPAA expertise at an HMO where he has implemented many successful security controls and technologies, including single sign-on (SSO), Identity and Access Management (IAM), Cloud Access security broker (CASB), and a vulnerability assessment program.
Mark received his Bachelor of Science in psychology from Radford University. Later, Mark received both his Master of social work and his post-baccalaureate certificate in management information systems from Virginia Commonwealth University. In addition, Mark holds CHPS, CHPS, and CISSP certifications.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes