googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, April 5, 2017
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Round Table Breakfast: The Cost and Consequence of Insider Threats – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Strafford

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Keynote Theater

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Berwyn

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:30 am
    EU General Data Protection Regulation: Review of the IT Security Requirements and Changes
    • session level icon
    speaker photo
    Partner, Park Legal LLC
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Malvern

    The EU General Data Protection Regulation (GDPR) becomes mandatory on May 25, 2018. It will have a sweeping impact on the data protection requirements and enforcement for multinationals, including in relation to data security. This presentation will describe the changes, with a focus on those relating to IT security, and will provide practical advice for organizations to prepare.

    8:30 am
    Data Mapping
    • session level icon
    Understanding How Your Data Moves Within and Without Your Organization
    speaker photo
    CISO & CPO, Cooper University Health Care
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Villanova

    One essential component of health IT interoperability and improved care is the exchange of information. Data mapping plays a key role in not only moving data but also in understanding where and how the data moves.

    8:30 am
    Security That’s Actually Suitable for Physician Practices and Other Small Businesses
    • session level icon
    speaker photo
    VP Standards & Analytics, HITRUST
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Haverford

    Small businesses are often financially and resource-constrained, and find it difficult to implement and maintain a robust information protection program. CSFBASICs leverages the HITRUST CSF and CSF Assurance Program and defines a relaxed but certifiable “good hygiene” approach to patient privacy and the security of their PHI.

    8:30 am
    Trend Micro: Anatomy of a Ransomware Attack and Why It Matters
    • session level icon
    Using a layered security approach ensures a better way to prevent, detect, and respond to threats.
    speaker photo
    Director, Global Threat Communications, Trend Micro
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Wayne

    Cyber criminals can hijack your business by encrypting your data and holding your systems hostage until you pay up. Hackers use ransomware like CryptoLocker and CryptoWall to target a wide range of organizations like yours, demanding thousands of dollars. Find out how you can protect your business from ransomware security threats. Join Jon Clay, Director of Global Threat Communications at Trend Micro, as he outlines the latest criminal underground threats and best practices to protect your data and systems.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Fighting Cybercrime – A Team Effort
    • session level icon
    speaker photo
    Senior Counsel, U.S. Dep't of Justice, Criminal Division, Computer Crime and Intellectual Property Section
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Jared Hosid, a prosecutor with the U.S. Department of Justice’s Computer Crime and Intellectual Property Section, will discuss the current cyber threat environment and address how the private sector can work collaboratively with law enforcement to reduce the cyber threat, mitigate loss, and catch the criminals.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable – The Threat of IoT to the Corporate Environment (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Strafford
    11:15 am
    Surviving the Siege: Medieval Lessons in Modern Security
    • session level icon
    Discover the 2017 SecureWorld Theme
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Villanova

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    11:15 am
    Cisco: Stories of the Bad Within the Good – Illuminating Threats Deep Within a Network
    • session level icon
    speaker photo
    Systems Engineering Manager, Cisco
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Wayne

    Cisco Security expert Jeff Moncrief has identified zero day and insider threats within dozens of organizations leveraging netflow analysis and network behavioral anomaly detection.  

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Sales Engineer, Gigamon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Haverford

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    How to Develop an Effective Cyber-Response Program
    • session level icon
    A white paper with steps to develop an incident response program and a checklist for forensic support.
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Malvern

    Despite our best efforts to detect and deflect attacks, the attack is inevitable. Lets walk through the steps to build an Incident Response Plan and the actions needed at the time of an event.

    12:00 pm
    Advisory Council LUNCH Roundtable: Growing the Future Cybersecurity Workforce – (VIP / Invite Only)
    • session level icon
    Advisory Council Members Only
    speaker photo
    VP Information Security & Compliance, Ascensus
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Strafford

    Lunch Served
    Moderator: Peter Kurek

    12:15 pm
    LUNCH KEYNOTE: Cisco – Integrate, Adapt, Overcome: Building Effective Security Architectures
    • session level icon
    speaker photo
    Field Product Manager, Cisco
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Access Control – The End of the Password?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with some many ways at getting our information, the password is going the way of the dodo.  Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
    Panelists:
    Joeseph Walsh, DeSales
    George Makin, Federal Reserve
    Nancy Hunter
    George Makin
    Moderator: Bob McCosky

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Villanova

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Ron Schlect, BTB Security
    Eric Bucher, Cequence
    Matthew Cilento, Securonix
    Hassanain Kapadia, Palo Alto Networks
    John Maloney, AccessIT Group
    Moderator: Frank Piscitello

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    EU-U.S. and Swiss-U.S. Privacy Shield Certification: IT Security Requirements, Preparation and Risk Minimization
    • session level icon
    speaker photo
    Partner, Park Legal LLC
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Malvern

    The E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks replace the outdated (and invalidated) Safe Harbor framework for transfers of personal data pertaining to European and Swiss residents to the U.S. This presentation will provide an overview of the Privacy Shield framework and principles, with a focus on the requirements and regulator expectations for fulfilling and sustaining on a go-forward basis the Security requirements that are part of that framework. The presenter will also provide practical advice and recommendations for the attendees, based upon her assistance to many organizations certifying to these frameworks.

    3:00 pm
    IoT Threat Analysis
    • session level icon
    Gain a better understanding of the risks involved with IoT devices.
    speaker photo
    Director of Cybersecurity / CISO, The Bancorp Bank
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Villanova

    This session will review the current threat landscape, identify security concerns, provide examples and offer recommendations on securing the devices.

    3:00 pm
    Lock Pick Village
    • session level icon
    A Better Understanding of Locks and How to Compromise Them
    speaker photo
    Professor, Drexel University
    speaker photo
    Electrical Engineer, Security Consultant
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    Attendees will learn basic locking theory and then put it into practice by picking real locks.

    3:00 pm
    Cylance: Hitchhiker’s Guide to Ransomware – From Genesis to Current Menace
    • session level icon
    speaker photo
    VP, Global Enterprise Solutions, BlackBerry
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: Haverford

    This presentation will cover: ransomware, ransomware infection vectors, the history & evolution of ransomware, business model for ransomware and what the best ways to detect and prevent ransomware.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Keynote Theater

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Berwyn

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

  • Thursday, April 6, 2017
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Keynote Theater

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    President, CISSP, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Berwyn

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:30 am
    Gaining Better Visibility Into Risk – The Future of GRC
    • session level icon
    speaker photo
    Experienced Manager, Grant Thornton’s Risk Advisory Services
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Wayne

    In this session we will be discussing the general achievements and failings that clients have experienced utilizing GRC platforms and processes, where the market is headed, and how integration of different data sources and risk correlation techniques are starting to be utilized to get a better picture of risk.

    8:30 am
    Data Breach Digest – Perspective is Reality
    • session level icon
    speaker photo
    Head of Research, Development, Innovation, Verizon Threat Research Advisory Center
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Villanova

    Data breaches are complex affairs. Response activities are proportionately complex involving various stakeholders with slightly different perspectives. This presentation covers the 2017 “Data Breach Digest – Perspective is Reality”; a compendium of data breach scenarios told from different stakeholder points of view covering their decisions, actions and crucial lessons learned.

    8:30 am
    Keeping Information Security Simple
    • session level icon
    speaker photo
    vCISO, Salem Medical Center
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Malvern

    The greatest problems for Information Security are the pervasive fear, uncertainty and doubt many business leaders feel about the costs and benefits surrounding cyber security, leading many to ignore or underinvest in even the most basic risk assessment and mitigation that could save their businesses. But even a simple risk assessment can highlight and quantify enormous risks, which are sometimes easily and cheaply remedied. Frameworks and questionnaires for assessing risk are readily available and straightforward to apply. Opportunities for improvements will be highlighted with compelling examples.

    8:30 am
    Jumping the Canyon from Technical to Leadership and Landing Successfully
    • session level icon
    speaker photo
    Chief Information Security Officer, Kennedy Health System
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Haverford

    Making the jump from a technical role to a leadership role, and lessons learned from the other side. Technology is easy—security in principle is not difficult. The challenge is working with other people, understanding the culture, and determining who you are and want to be.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Phishing Dark Waters – Don’t End Up on the Hook
    • session level icon
    speaker photo
    CEO, Social-Engineer, Inc.
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Phishing – is it really that dangerous? Can it really create havoc in your organization? I have sent, seen and analyzed some of the most effective and dangerous phish in the world. Learn how to dissect and defend so you don’t get hooked.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable – Understanding the Business Viability of Your Security Solution Vendors (VIP / Invite Only)
    • session level icon
    speaker photo
    CIO, Morgan, Lewis & Bockius LLP
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Strafford
    11:15 am
    An Introduction to Statistical Anomaly Detection
    • session level icon
    speaker photo
    Director - Isaac L. Auerbach Cybersecurity Institute, Drexel University
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Villanova

    An introduction and overview of the mathematical ideas underlying statistical anomaly detection, focusing on principal component analysis (PCA) based detection.

    11:15 am
    Securonix: Solving Compliance and Security Crisis with Big Data Analytics
    • session level icon
    speaker photo
    CISO and Chief Security Strategist, Securonix
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Wayne
    11:15 am
    SecureAuth: Moving Beyond Passwords
    • session level icon
    speaker photo
    SVP, Identity Strategy, SecureAuth
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Malvern

    In 2016, almost two-thirds of breaches involved the use of stolen or default credentials. Even the strongest and most complex passwords will never be enough if they are compromised. While there is no denying that we need to remove our dependency on the password as a primary method of authentication, the question remains how to we get there? Join Robert Block as we discuss whether the world is ready to relinquish its love for the password, the challenges involved in moving to a password-free world, and enabling technologies that will get us there.

    11:15 am
    OSINT and Social Engineering
    • session level icon
    speaker photo
    Partner, Information Security, DFDR Consulting
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Haverford

    Session will outline Open Source Intelligence gathering, social engineering attacks and information leakage for the purposes of attacks against a given target

    12:00 pm
    Advisory Council Roundtable LUNCH – Top Down-Bottom-up Risk Assessment (VIP / Invite Only)
    • session level icon
    Gourmet Lunch Served
    speaker photo
    IT Policy Risk & Compliance Manager, Fulton Financial
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Strafford
    12:15 pm
    [LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2020
    • session level icon
    speaker photo
    Security Evangelist, North America, Radware
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    A presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2020:

    • What is the attack surface of the public cloud?
    • Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
    • How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
    • What is Next Gen WAF and when should I consider it?
    • What are automated threats and how to protect against the 4th generation bots?
    • Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
    • What will be the impact of 5G on application security and availability?

    Presentation outline
    A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.

    The Top 10 security facts for 2019/2020:

    1. The Attack Surface of the Public Cloud is defined by Permissions
    2. The Insider thread of the Public Cloud is the Outsider
    3. HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
    4. WAF does not keep up with Cloud Native Applications
    5. East-West Traffic is getting Encrypted
    6. Attackers are getting Automated
    7. Attacks are getting more Sophisticated
    8. APIs are the new Front-end
    9. Machine and Deep Learning become essential for Threat Detection
    10. 5G will fuel the next IoT Explosion

    Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in following categories:

    1. Cloud infrastructure abuse
    2. Data breaches through publicly exposed S3 buckets
    3. Ransom of poorly secured cloud data services
    4. Cloud Infrastructure owning and wiping
    5. Cloudification of DDoS attacks
    6. Automated threats

    A quick run through of the top 10 security facts.

    The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:

    1. Migrating to the cloud
    2. Cloud Native Applications
    3. Automated Threats
    4. 5G/IoT Intersection

    Each chapter is summarized with the top security facts that were demonstrated throughout the discussion

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Villanova

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Scott Register, Ixia
    John McClurg Cylance
    Mike Rogers Symantec
    Tim Miller, Trend Micro
    Moderator: Dan Reither

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster proof option for companies to store their data offsite with access to that data from practically anywhere. So, who’s fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.
    Panelists:
    John DiLullo,Lastline
    Gus Coronel,Check Point
    Pete Molett, AccessIT Group
    Dwayne Wenger, Big Switch
    Mike Piscopo,Delta Risk
    Moderator: Anahi Santiago

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Security and Medical Devices
    • session level icon
    speaker photo
    Chief Security Architect, Vaxient
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    Since, medical devices are critical to providing care and treatment, this talk will address three key issues: 1) identify specific threats to providers and medical devices, 2) present some practical, cost-effective mitigations, and 3) provide a strategy for the future.

    3:00 pm
    Compliance with the New York DFS Cybersecurity Regulations
    • session level icon
    Do These Rules Apply to My Company?
    speaker photo
    Data Privacy, Security, and Management Attorney
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Haverford

    The New York Department of Financial Services (DFS) cybersecurity regulations have partially gone into effect as of March 1, 2017. And, you may wonder … do these rules apply to my company and if so, what do I need to do to be compliant? The rules require more than simple changes in policy. We will discuss the requirements in-depth as well as the additional staggered compliance deadlines. This presentation will be particularly helpful for financial institutions, other NY DFS regulated entities (for example, insurers, check cashers, money transmitters, lenders and virtual currency businesses) and those that are vendors of financial services institutions.

    3:00 pm
    Next Generation Application and Infrastructure Management
    • session level icon
    speaker photo
    Director of Cloud Security, Financial Services
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Villanova

    Application and cloud security vulnerability management tools consider only vulnerabilities and don’t deal with workflow and assisting security professionals build their program in an agile fashion. Defect Dojo, an Open Source tool from OWASP, is built on enabling security programs.

Exhibitors
  • AccessIT Group
    Booth: 100

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Alert Logic
    Booth: 314

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Alpine Security
    Booth: 216

    Alpine Security is a Service Disabled Veteran owned Small Business. We have extensive experience with security audits, regulatory compliance audits, vulnerability assessments, penetration testing (network, application, web application, and physical), social engineering, incident response, digital forensics, and user awareness & technical training.  Our team members are Industry Certified, bring vast project experience, highly educated, trusted, and experienced.  We have been on United States government red teams and have experience with military cyber operations – offensive and defensive.  Our team is also well-versed and experienced with commercial security assessments, audits, penetration testing, risk assessments, and incident response.  We have performed penetration tests and assessments for numerous industries, including aerospace & defense, education, healthcare, financial, energy, and oil & gas.  Our extensive experience in high-risk and complex environments ensures we are prepared to test your environment, regardless of the risk-level or complexity.  We’ve been tested under fire.

  • Arctic Wolf Networks
    Booth: 304

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit  https://www.arcticwolf.com.

  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • CensorNet
    Booth: 216

    CensorNet provides a multi-channel, multi-layered approach to securing the cloud via its purpose-built platform. CensorNet delivers integrated web security, email security, CASB and multi factor authentication to provide security focused visibility and control of an organization’s assets.

  • Check Point Software Technologies
    Booth: 100

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cisco
    Booth: 316

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • CloudPassage
    Booth: 206

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • CrowdStrike
    Booth: 101

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • Cylance
    Booth: 300

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 112

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • Booth: 108
  • DeSales University Cyber Security Program
    Booth: 212

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • Electronic Crimes Task Force
    Booth: 404

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • Fidelis Cybersecurity
    Booth: 104

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

    By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

  • GuidePoint Security LLC
    Booth: 101

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Delaware Valley Chapter
    Booth: 402

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • Philadelphia InfraGard Members Alliance
    Booth: 406

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • ISACA Philadelphia
    Booth: 322

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in the Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides, training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • ISC2
    Booth: TBD

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISSA Delaware Valley
    Booth: 502

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • LogRhythm
    Booth: 208

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • OWASP
    Booth: 320

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Preempt Security
    Booth: 101

    Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach empowers security teams more visibility & control over accounts and privileged access, achieve compliance and auto-resolve incidents. Learn more:  www.preempt.com.

  • Radware
    Booth: 210

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Reduxio
    Booth: 308

    There has been no fundamental innovation in data management for primary storage for the last two decades. In 2012, a group of storage industry veterans founded Reduxio with the vision to redefine data management and protection by taking advantage of new processing, networking and media technologies.

    Reduxio’s new line of enterprise flash storage solutions based on the revolutionary TimeOS storage operating system, provides breakthrough storage efficiency and performance, and the unique ability to recover data to any second, far exceeding anything available today.

    Headquartered in South San Francisco, CA, Reduxio is backed by Seagate Technology, Intel Capital, JVP and Carmel Ventures.

  • RSA a Dell Technologies Company
    Booth: 101

    RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions.  With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.

  • SailPoint
    Booth: 310

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Santander
    Booth: 118

    We are Santander Bank, N.A.– one of the country’s top retail banks by deposits and a wholly owned subsidiary of one of the most respected banks in the world: Banco Santander. Our parent company, Santander Group, serves more than 100 million customers in the United Kingdom, Latin America, and Europe. Here in the Northeast, we are a team of 9,800 individuals all committed to a single mission: to help you make progress toward your goals. We aim to make your banking hassle-free by providing simple ways for you to spend, save and manage your money.

  • SecureAuth
    Booth: 302

    SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogenous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.

  • Securonix
    Booth: 306

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • Splunk
    Booth: 101

    Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.

  • Varonis
    Booth: 101

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Synopsys
    Booth: 214

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Trend Micro
    Booth: 202

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Unisys
    Booth: 208

    Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in diverse markets. Unisys combines experienced security consulting, Stealth micro-segmentation security solutions and efficient managed security services to deliver dramatic improvement in security posture and operational efficiencies.
    Visit http://unisys.com/security for more information.

  • Venafi
    Booth: 312

    Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

    With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms;  four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.

    For more information, visit: www.venafi.com.

  • WatchGuard
    Booth: 204

    WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Joan Antokol
    Partner, Park Legal LLC

    Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.

  • speaker photo
    Phil Curran
    CISO & CPO, Cooper University Health Care

    Phil Curran has more than 25 years of experience in information security and privacy in the military, government and private sectors. As the Chief Information Assurance Officer and Chief Privacy Officer at Cooper University Health Care in Camden NJ, he is responsible for managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, privacy and security investigations, business continuity, and awareness and training. He has served on the Health Information Trust Alliance (HITRUST) task force to integrate privacy controls in the Common Security Framework and the development of the ISC2 Health Care Information Security and Privacy Practitioner. Phil serves on the Executive Committee for Secure World – Philadelphia and the Philadelphia and New Jersey Chapters of the CISO Executive Network. He has spoken on Information Security and Privacy issues at Secure World and HIMSS Privacy and Security.

  • speaker photo
    Dr. Bryan S. Cline
    VP Standards & Analytics, HITRUST

    As the VP of Standards and Analytics at HITRUST, Dr. Bryan S. Cline provides thought leadership for the continuing development of the HITRUST CSF and related methodologies—healthcare’s de facto information protection standard and basis for NIST Cybersecurity Framework implementation in the industry—and the ‘Father’ of (ISC)2’s HCISPP credential.

  • speaker photo
    Jon Clay
    Director, Global Threat Communications, Trend Micro

    Jon Clay has worked in the cybersecurity space for over 21 years. He is responsible for managing marketing messages and external publication of all the threat research and intelligence within Trend Micro as well as different core technologies. As an accomplished public speaker with hundreds of speaking sessions around the globe, Jon focuses on the threat landscape and the use of big data in protecting against today’s sophisticated threats. Jon is also a volunteer speaker for the Trend Micro Internet Safety for Kids and Families program.

  • speaker photo
    Jared S. Hosid
    Senior Counsel, U.S. Dep't of Justice, Criminal Division, Computer Crime and Intellectual Property Section

    Jared Hosid is Senior Counsel in the U.S. Department of Justice’s Computer Crime and Intellectual Property Section, where he focuses on cybersecurity, electronic surveillance, and the growing challenge in obtaining lawful access to electronic evidence in criminal investigations. Jared also investigates cases involving various types of cybercrime and has been involved in DOJ’s application of the Cybersecurity Information Sharing Act. Jared previously clerked in DC federal court and was a litigator at Dechert and Crowell & Moring.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Jeff Moncrief
    Systems Engineering Manager, Cisco

    Jeff Moncrief is a Systems Engineering Manager at Cisco. Jeff has over 17 years of Information Security Industry experience, holding leadership roles in Support, Sales Engineering and Pre/Post-Sales Technical Account Management.  Jeff’s specializations include compliance, vulnerability management, incident response and security architecture.  

  • speaker photo
    Steven Dougherty
    Sales Engineer, Gigamon
  • speaker photo
    Alex Petrow
    VP Information Security & Compliance, Ascensus
  • speaker photo
    Chris Hoff
    Field Product Manager, Cisco

    Chris Hoff is a Field Product Manager with over 20 years in network and information security operations, sales and marketing. During this time Chris has helped numerous organizations build and manage their IT operations. In his current role, he helps educate organizations on the current threat landscape and understand how they can pro-actively mitigate and manage risk.

  • speaker photo
    Joan Antokol
    Partner, Park Legal LLC

    Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.

  • speaker photo
    Tony Meholic
    Director of Cybersecurity / CISO, The Bancorp Bank

    Anthony is currently Director of Cybersecurity, Chief Security Officer at The Bancorp Inc. in Wilmington, Delaware. He has worked extensively with application development including creation of simulation software for emergency medical providers, work with local government agencies on EMS trending and metrics and customized user interfaces for medical diagnostic software. His experience in Information Security at The Bancorp, JPMorgan Chase, Citibank and Republic Bank in Philadelphia included detailed work on encryption key management, security reviews, risk assessments and security testing for financial institutions. He has been responsible for the creation and implementation of numerous information security programs such as: Mapping of the Cybersecurity program to the NIST Cybersecurity Framework and FFIEC Self-Assessment Tool, Vendor Management, project security reviews, customized encryption key management, establishment of an internal penetration testing program, comprehensive risk assessment, and vulnerability management. Anthony is a graduate of Michigan State University and has over 20 years of IT experience. He is a regular speaker at international information security conferences and is a frequent trainer for a variety of federal agencies. Anthony has authored numerous articles for Tech Target, Information Security Magazine and Hackin9 Magazine.

  • speaker photo
    Ralph DeFrangesco
    Professor, Drexel University

    Ralph is a professor at Drexel University and a cybersecurity consultant.

  • speaker photo
    Stephanie J. DeFrangesco
    CEO, DataTech

    Stephanie is the CEO of DataTech, a cybersecurity company providing security analysis

  • speaker photo
    Gerardo Cruz
    Electrical Engineer, Security Consultant

    Gerardo is an Electrical Engineer and security consultant.

  • speaker photo
    Thomas Pace
    VP, Global Enterprise Solutions, BlackBerry

    Thomas Pace has an extensive background in building incident response programs, policies, procedures and playbooks at multiple top-tier organizations. Thomas has 11 years of security experience in various fields including physical security, intelligence gathering and analysis, sensitive site exploitation, incident response, intrusion analysis, and endpoint and network forensics. Thomas also has extensive experience in conducting assessments against various NIST special publications such as 800-53 and 800-171. Thomas is also currently an Adjunct Professor at Tulane University where he has developed a portion of the Homeland Security Studies program curriculum centered on cybersecurity. Thomas also currently provides guidance and expertise to the New Orleans cloud security community as the Louisiana Cloud Security Alliance Co-Chair.

    Thomas served as a Senior Cybersecurity Engineer at Fluor Federal Petroleum Operations, a Department of Energy contractor supporting the Strategic Petroleum Reserve worth billions of dollars. In this role, Thomas was the lead incident response official and was responsible for ensuring all incidents were appropriately identified, contained and remediated in a timely manner and reported to proper authorities if necessary. Additionally, Thomas was responsible for conducting intrusion analysis and threat hunting on a daily basis to ensure the organization was not breached. While conducting a multitude of analyses based on intrusions and incidents, Thomas built a multitude of playbooks and processes so junior technical personnel could also conduct analyses in an efficient manner.

    Thomas served in the United States Marine Corps as an infantryman and intelligence specialist. During this time, Thomas deployed to both Iraq and Afghanistan as part of the Marine Corps.

    Thomas holds an M.S. in Information Science with a concentration in Information Assurance. Thomas also possesses multiple certifications such as GIAC GCIH, GCFA, GCIA, GICSP and GCWN. Thomas also is a Sourcefire certified professional, CISSP, and possesses CNSS 4011, 4012, 4013, 4014 and 4015.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    John O'Leary
    President, CISSP, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Matthew Perry
    Experienced Manager, Grant Thornton’s Risk Advisory Services

    Matt has over 25 years Information Technology (IT) experience; 12 years in Information and Cyber Security. Prior to joining Grant Thornton, Matt served 8 years as the Director of Information and Cyber Security for a global manufacturing and energy production company. While there he was responsible for the design, application and oversight of the company’s Information Security Management System (ISMS), implementation and management of a fully functional 24x7/365 cyber security operations center, security tools evaluation and purchase, policy and procedure development, critical design reviews, and employee security awareness and training.

  • speaker photo
    John Grim
    Head of Research, Development, Innovation, Verizon Threat Research Advisory Center

    John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.

  • speaker photo
    Chris Shull
    vCISO, Salem Medical Center

    Chris Shull (CISSP, CIPP/E, CIPP/US, CIPM, FIP) is the vCISO for Salem Medical Center, vCISO and vDPO for several other organizations, and an Information Security and Privacy consultant and advisor.

    With over 35 years in IT, information security, and privacy, Chris specializes in Keeping Information Security Simple so businesses can understand and manage their real-world risks. He has a B.A. in Economics and Mathematics from the University of Pennsylvania, and an M.A. in Operations and Information Management from the Wharton School.

    In his free time, Chris is redecorating his office, gardening, trying to stay fit, volunteering on community non-profit boards, and reading science fiction, fantasy, and westerns. He is looking forward to us all getting past or on top of COVID-19 so he can resume playing and refereeing soccer, practicing Shotokan Karate and Jujitsu, and taking square dancing lessons.

  • speaker photo
    Thomas Handlon
    Chief Information Security Officer, Kennedy Health System

    Thomas Handlon - Chief Information Security Officer at Kennedy Health System, NJ. Thomas (Tom) Handlon is the chief information security officer at Kennedy Health System in NJ. Prior to Kennedy, he was director of information security at American Realty Capital, a financial investment firm. Tom has almost 20 years’ experience in information technology and holds a MS in Information Assurance and Cybersecurity from Western Governors University.

  • speaker photo
    Christopher Hadnagy
    CEO, Social-Engineer, Inc.

    Christopher Hadnagy, is the founder and CEO of Social-Engineer, LLC. Chris possesses over 16 years experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today.

    Chris established the world’s first social engineering penetration testing framework at www.social- engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.

    A sought-after writer and speaker, Chris has spoken and trained at events such as RSA, Black Hat, and various presentations for corporate and government clients. Chris is also the best-selling author of three books; Social Engineering: The Art of Human Hacking, Unmasking the Social Engineer: The Human Element of Security and Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails.

    Chris has been invited to the Pentagon to debrief 30+ general officers and government officials on social engineering and its effect on the United States.

    Chris specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.

    Chris is a certified Expert Level graduate of Dr. Paul Ekman’s Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties. In addition, he holds certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).

  • speaker photo
    Steve Naphy
    CIO, Morgan, Lewis & Bockius LLP

    Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.

  • speaker photo
    Steven Weber
    Director - Isaac L. Auerbach Cybersecurity Institute, Drexel University

    Steven Weber is professor in the Department of Electrical and Computer Engineering, founding director of the Isaac L. Auerbach Cybersecurity Institute, and founding director of the Modeling and Analysis of Networks Laboratory (MAN Lab) at Drexel University.

  • speaker photo
    Michael Lipinski
    CISO and Chief Security Strategist, Securonix

    Michael J. Lipinski is CISO and chief security strategist at Securonix. He has over 28 years of experience in risk and information security, digital forensic investigations including HR interrogation, legal process support and testimony. Lipinski has helped organizations of all sizes design, build and run risk, IT governance and information security programs. He has held IT executive roles in the end user space and numerous roles in IT hardware and software organizations.

    Lipinski spent the last 8 years serving as CISO of an acquisition driven, rapidly growing marketing services and business process outsourcer. He was responsible for the development of the information security, risk, IT governance, IT CERT and insider threat programs. Prior to his role as CISO, Lipinski consulted for 15 plus years in the information security, risk and business continuity space, helping large organizations in diverse industries solve their risk and information security challenges.

    Lipinski has started and owned several IT and IT security companies. He created a new, disruptive technology that defends organizations from insider threats and took to market a patented set of insider threat focused risk analysis tools that detect unauthorized network communications from large data sources such as network flow, firewall and IDS/IPS systems.

  • speaker photo
    Robert Block
    SVP, Identity Strategy, SecureAuth

    As a Senior Vice President of Identity Strategy at SecureAuth, Robert Block is responsible for helping execute on SecureAuth’s strategic vision. Considered a thought leader in IAM, Robert interacts with customers, vendors, and leading industry analysts on the state of Identity and Access Management on a regular basis. Robert has over 19 years of results-oriented Information Technology experience - of which 15 years have been focused on Identity Management, Access Management and Access Governance solutions. Robert has an in-depth understanding of various Information Security and IT challenges and requirements across multiple industries, and has worked with a diverse set of clients ranging from Global Fortune 500s to privately held small businesses.

  • speaker photo
    Ken Pyle
    Partner, Information Security, DFDR Consulting

    Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance, and exploit development. Ken has published exploit research and vulnerabilities for a large number of companies, including Dell, Cisco, Sonicwall, Sage Software, and DATTO. Ken’s academic work includes social engineering research, election interference,, application of sociology and psychological factors to phishing campaigns, and technical work on next generation attacks.

  • speaker photo
    Uday Shah
    IT Policy Risk & Compliance Manager, Fulton Financial
  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Bill Kwak
    Chief Security Architect, Vaxient

    Bill Kwak has almost 20 years of combined IT and Information Security experience in the healthcare, banking & financial, government, and consulting sectors.

  • speaker photo
    Amy Mushahwar
    Data Privacy, Security, and Management Attorney

    Amy Mushahwar is a data privacy, security, and management attorney with over 15 years of experience in the technology industry in legal and engineering capacities. Amy defends companies in privacy-related matters as well as assists clients in the development of integrated digital platforms, such as cloud computing and database APIs.

  • speaker photo
    Aaron Weaver
    Director of Cloud Security, Financial Services

    Aaron Weaver has over 20 years' experience specializing in application and cloud security and providing training sessions at various international industry events. His work includes security consulting, penetration testing, threat modeling, and code reviews. Aaron also enjoys honey bees and recently has been experimenting with hive designs.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes