- Wednesday, March 23, 2022
7:00 am
Registration open
Registration Level:
- Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Counter / Lobby
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am
Advisory Council Roundtable Breakfast – (VIP / Invite only)
Topic: Security Awareness After the Pandemic
Owner, Carmel Consulting LLC
Registration Level:
- VIP / Exclusive
7:30 am - 8:20 am
Location / Room: Revolution Chophouse (Mezzanine)
This roundtable discussion is for our Advisory Council members only. Discussion will be moderated by Cheryl Carmel.
7:30 am
[PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
Part 1: Trends in the Law: An Overview of the Regulatory & Legal Landscape
Founding Partner & Owner, Fischer Law, LLC
Registration Level:
- SecureWorld Plus
7:30 am - 8:30 am
Location / Room: Magnolia
Attendees are eligible to receive 18 CPE credits (including 12 CPEs from the Conference Pass).
Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.
Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.
The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.
The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.
7:30 am
[PLUS Course] Hands-on Introduction to Digital Forensics
Part 1: Electronic Evidence
M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Registration Level:
- SecureWorld Plus
7:30 am - 8:30 am
Location / Room: Maple
Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
Part 1: Electronic Evidence
- Crimes involving electronic devices
- Introduction to electronic evidence
- Introduction to digital forensics
- Differences in digital forensics involving criminal cases, civil cases, and administrative issues
Part 2: Preparing to Conduct Forensic Examinations
- Hardware requirements
- Digital forensics software tools
- Open source tools vs. commercial tools
- Setting up a forensic lab
Part 3: Acquiring Forensic Evidence
- Techniques for properly seizing electronic evidence
- Managing chain of custody
- Maintaining the integrity of evidence and preventing evidence destruction
- Creating a forensic image
- Forensic imaging tools
- Capturing volatile memory
Part 4: Analyzing Forensic Evidence
- Analyzing evidence
- Recovering deleted files
- Useful forensic artifacts
- Creating forensic reports
- Testifying in court
8:00 am
Exhibitor Hall open
Registration Level:
- Open Sessions
8:00 am - 3:00 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:30 am
[Opening Keynote] Three CISOs Walk into a Bar
CISO, CSC
CISO, Trinseo
VP, CISO, TE Connectivity
CISO, ChristianaCare Health System
Registration Level:
- Open Sessions
8:30 am - 9:15 am
Location / Room: Keynote Theater
Let’s face it, cyber is tough and the need to be always on is, well, always on. However, come pull up a chair and join in on the conversation as three local CISOs across three verticals discuss best practices across a wide range of topics to include personal branding, executive messaging, tech implementation tips, and more.
9:15 am
Networking Break
Registration Level:
- Open Sessions
9:15 am - 9:45 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:45 am
How to Remediate at Scale with Zero Impact on Your Configuration Security Gaps
Director of Security Services, Novacost
Co-Founder & CEO, CISO, Gytpol
Registration Level:
- Open Sessions
9:45 am - 10:30 am
Location / Room: Laurel East
Your endpoints are the entry points for threat actors. Learn how to implement a Configuration Security Management platform that automatically remediates your misconfigurations and human errors with zero impact. Finally, maintaining better cyber hygiene is no longer a costly or time-consuming chore.
9:45 am
Building a Better Team
Director of Information Security, ChristianaCare
Registration Level:
- Conference Pass
9:45 am - 10:30 am
Location / Room: Laurel West
Key take-away:
An understanding of what it takes to create an excellent information security team.
Presentation Level:
MANAGERIAL (security and business leaders)
9:45 am
A Floppy Disk, the Internet, and a Threat Hunter
Sr. Sales Engineer Manager, Gigamon
Sr. Manager, Customer Success Security Team, Gigamon
Registration Level:
- Open Sessions
9:45 am - 10:30 am
Location / Room: Parkview Ballroom
A brief overview of the history of ransomware, from one of the first known attacks to the modern day. The session explains how the model has changed from an opportunistic smash-and-grab method to a low-and-slow targeted approach, including ransomware-as-a-service, and discusses the assets a threat hunter in the organization needs to identify and resolve the threat in an environment before and after the organization is targeted by a ransomware organization.
10:40 am
Social Media & Security: What Are the Risks for Security Staff?
Chief Risk and Innovation Officer, MRS BPO, LLC
Registration Level:
- Conference Pass
10:40 am - 11:25 am
Location / Room: Laurel East
10:40 am
Continuous Security Compliance
Director of Cloud Security, Financial Services
Registration Level:
- Conference Pass
10:40 am - 11:25 am
Location / Room: Parkview Ballroom
One of the least exciting tasks in security is providing compliance evidence to auditors and periodically validating security controls manually. Surely we can do better than taking screenshots and uploading evidence to a compliance portal. This talk focuses on using an open source tool that utilizes drag and drop API integration to automate common security compliance tasks. There will be a demo and link to integrations with common security tools so that you can start automating your compliance tasks today.
10:40 am
PCI 4.0: What Is Coming?
Director, Audit and Compliance, CipherTechs, Inc.
Registration Level:
- Open Sessions
10:40 am - 11:25 am
Location / Room: Laurel West
PCI 4.0 is coming out at the end of first quarter 2022. There are many changes that are involved with wording, testing, and the forms for submission. This session will talk about some of the changes that may affect you for the SAQs and the ROCs, such as what additional documentation and activities you will need prior to having PCI 4.0 implemented by the end of 2024 going into 2025.
11:30 am
[Lunch Fireside Chat] BEC Attacks, Crypto, and the Investigative Powers of the Secret Service
Assistant to the Special Agent in Charge, United States Secret Service
Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
Assistant to the Special Agent in Charge, U.S. Secret Service
Founding Partner & Owner, Fischer Law, LLC
Registration Level:
- Open Sessions
11:30 am - 12:30 pm
Location / Room: Keynote Theater
11:30 am
Advisory Council Lunch Roundtable (VIP / Invite Only)
Topic: Evaluating Today's Threats and Security Controls
Sr. Security Architect, SecureWorks
12:30 pm
Networking Break
Registration Level:
- Open Sessions
12:30 pm - 1:00 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:00 pm
[Panel] Cloud: Doing More with Less
Senior Sales Engineer, Open Systems
Global Director, Channel Solutions Engineering, CyberArk
Sr. Sales Engineer, Orca Security
Security Engineering Manager, Check Point
Sr. Solutions Architect, Securonix
Registration Level:
- Open Sessions
1:00 pm - 1:50 pm
Location / Room: Laurel East
The cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.
1:00 pm
[Panel] The Current Threat Landscape
Area Vice President, Security Strategy, Deepwatch
Sr. Account Executive, Hoxhunt
Director, Solutions Engineering and Alliances, Automox
Principal Security Engineer, Salt Security
Field CISO, Abnormal Security
Registration Level:
- Open Sessions
1:00 pm - 1:50 pm
Location / Room: Keynote Theater
If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?
It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.
2:00 pm
Cloud Security Alliance Member Meeting
Topic: Cloud Security Certification | Open to all attendees
Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Registration Level:
- Open Sessions
2:00 pm - 2:45 pm
Location / Room: Parkview Ballroom
Special presentation on Cloud Security Certification by Vana Khurana, Board Member and Director of Training for CSA Delaware Valley Chapter
2:00 pm
Benchmarking Your Cybersecurity Program
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level:
- Conference Pass
2:00 pm - 2:45 pm
Location / Room: Laurel West
Key take-away:
The audience will learn how to measure the benefits and costs of its cybersecurity program.
For years, enterprises have recognized the need for a cybersecurity program, but it can be very difficult to measure its value. Implementing “best practices” is often an exercise in futility, compliance audits are too general and subjective, and everybody seems to have their own notion of what works. Using data from the audience, this session will review the ways an organization can benchmark its security program to gain deeper insight into its functional costs and benefits.
Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)
2:00 pm
MITRE ATT&CK Framework
CISO, Flagship Credit Acceptance
Registration Level:
- Conference Pass
2:00 pm - 2:45 pm
Location / Room: Laurel East
This powerful tool provides a language to define, track, and categorize attacker tactics, techniques, and procedures (TTPs). It can also be used to gain a deeper understanding of how, why, and when attackers may abuse a technique. By combining threat actor intelligence with the ATT&CK “dictionary,” you can add critical context to your detections to increase the effectiveness of your security controls tests and the fidelity of your results.
2:45 pm
Networking Break
Registration Level:
- Open Sessions
2:45 pm - 3:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:15 pm
AccessIT - How Does Your Crisis Management Playbook Stack up During a Real-World Conflict?
CISO, Afiniti
VP, Professional Services, AccessIT Group
VP, CISO, TE Connectivity
President, The Palatin Group LTD
Managing Director, Palatin Group SK
Registration Level:
- Open Sessions
3:15 pm - 4:00 pm
Location / Room: Keynote Theater
With the threat of cyberwarfare looming stateside, is your company prepared for the possible digital infrastructure and data attacks against them? Hear Andrew Smeaton, CISO for DataRobot, share his experiences of executing a crisis management plan in the midst of real-time warfare. Andy will be joining us to share what he has witnessed happen on the ground in Ukraine and discuss with fellow CISO panelists how InfoSec executives are pivoting their cyber skills to aid in humanitarian efforts and why your organization should be reviewing your crisis management playbook to adapt to conflict in real-time.
3:15 pm
ISACA Philadelphia Chapter Meeting
Open to all attendees
CEO, SEVN-X
Registration Level:
- Open Sessions
3:15 pm - 4:00 pm
Location / Room: Parkview Ballroom
Come join chapter members to network, learn about ISACA, and meet your local chapter board members.
3:15 pm
[PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
Part 2: Privacy by Design & by Default: The Legal & Policy Requirements
Founding Partner & Owner, Fischer Law, LLC
Registration Level:
- SecureWorld Plus
3:15 pm - 4:30 pm
Location / Room: Magnolia
Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.
Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.
The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.
The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.
3:15 pm
[PLUS Course] Hands-on Introduction to Digital Forensics
Part 2: Preparing to Conduct Forensic Examinations
M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Registration Level:
- SecureWorld Plus
3:15 pm - 4:30 pm
Location / Room: Maple
Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
Part 2: Preparing to Conduct Forensic Examinations
- Hardware requirements
- Digital forensics software tools
- Open source tools vs. commercial tools
- Setting up a forensic lab
4:00 pm
Happy Hour
Sponsored by AccessIT Group
Registration Level:
- Open Sessions
4:00 pm - 5:00 pm
Come by the AccessIT Partner Pavilion on the Exhibitor Floor to pick up your drink ticket. The onsite location will be announced during the lunch keynote.
Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.
- Thursday, March 24, 2022
7:00 am
Registration open
Registration Level:
7:00 am - 3:00 pm
Location / Room: Registration Counter / Lobby
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am
InfraGard Chapter Meeting
Open to all attendees
Retired U.S. Army, former member of the Intelligence Community
Registration Level:
- Open Sessions
7:30 am - 8:20 am
Location / Room: Parkview Ballroom
Delbert Roll will provide a preview of the session he will be delivering at the Philadelphia InfraGard all-day training event in June 2022. At that session, Mr. Roll will discuss how the intelligence community supports national security, the protection of U.S. critical infrastructure, and how partnerships are invaluable to the mission of the intelligence community.
7:30 am
[PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
Part 3: Operationalizing Privacy by Design & by Default
Founding Partner & Owner, Fischer Law, LLC
Registration Level:
- SecureWorld Plus
7:30 am - 8:30 am
Location / Room: Magnolia
Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.
Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.
The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.
The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.
7:30 am
[PLUS Course] Hands-on Introduction to Digital Forensics
Part 3: Acquiring Forensic Evidence
M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Registration Level:
- SecureWorld Plus
7:30 am - 8:30 am
Location / Room: Maple
Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
Part 3: Acquiring Forensic Evidence
- Techniques for properly seizing electronic evidence
- Managing chain of custody
- Maintaining the integrity of evidence and preventing evidence destruction
- Creating a forensic image
- Forensic imaging tools
- Capturing volatile memory
8:00 am
Exhibitor Hall open
Registration Level:
8:00 am - 3:00 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:30 am
[Opening Keynote] Demystifying the Partnership with the FBI
Special Agent, FBI
Registration Level:
- Open Sessions
8:30 am - 9:15 am
Location / Room: Keynote Theater
9:15 am
Networking Break
Registration Level:
- Open Sessions
9:15 am - 9:45 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:45 am
Product Security at Scale: Lessons from Comcast
VP, Product Security and Privacy, Comcast
Registration Level:
- Conference Pass
9:45 am - 10:30 am
Location / Room: Laurel West
Product security programs are intense; running a successful program at a large-scale organization like Comcast is complexity at the next level. This deep dive into the nuances of the program at Comcast will describe how tools, experts and gamification enable secure development at the scale of a Fortune 50 organization.
Attendees will hear about Comcast’s implementation of a robust product security framework and lessons learned, which are applicable to organizations of various sizes and with a range of people, process and technology challenges.
9:45 am
Seize the Breach with Automation and ML-Driven Analytics
Principal Security Engineer, Exabeam
Registration Level:
- Open Sessions
9:45 am - 10:30 am
Location / Room: Laurel East
Breaches happen and 2021 was a record-breaking year for them. According to Identity Theft Resource Center (ITRC) research, there were 1,291 breaches publicly reported in 2021 as of Sept. 2021 compared to 1,108 breaches in 2020; that’s a 17% year-over-year increase. Meanwhile, millions are spent on security operations centers that aren’t stopping the breaches from happening.
In this session, you will learn:
- Why SOC and security teams are way too limited by legacy SIEM
- How Exabeam machine learning-driven analytics and automation technologies provide unmatched threat detection, investigation, and response (TDIR) capabilities so security teams can respond more quickly and accurately to seize the breach and mitigate damage
- What to do to make security operations more successful using a simple maturity model based on outcomes and use cases
9:45 am
Remediating Critical Vulnerabilities in 12 Hours or Less: Lessons Learned from Log4j
Regional Vice President, Qualys
Registration Level:
- Open Sessions
9:45 am - 10:30 am
Location / Room: Parkview Ballroom
10:40 am
Incident Response: Look Who's Talking
Americas Lead for Human Cyber Risk and Education, EY
Registration Level:
- Conference Pass
10:40 am - 11:25 am
Location / Room: Laurel West
Key Takeaway:
Learn the essential elements of crisis communications and reputation control for the cybersecurity team and the elements not exercised in most Incident Response plans.
The ability to control the narrative during a cyber event will shape public perception of the company’s preparedness for a cyber event. In a cyber crisis, for everyone outside of the technical teams, perception is reality, and that reality may affect the company’s reputation long after the incident is over. Businesses have a significant reliance on technology; a breach of customer trust can be just as devastating as a network breach. Employees who are unsure of the circumstances will not hesitate to share on social media. Does the Incident Response plan account for reputation control? How will the company handle crisis communications during a cyber incident?
10:40 am
Driving Business Strategy and Growth Using Cybersecurity
Sr. Demand and Delivery Director, Data Protection
Registration Level:
- Conference Pass
10:40 am - 11:25 am
Location / Room: Parkview Ballroom
Traditionally, cybersecurity is often viewed as a means to reducing risks to an organization, thwarting the attacks of threat actors and securing company assets and infrastructure. When we examine the strategic goals and objectives that organizations undertake to promote their growth and success, we can often identify the interlinkage between business objectives and the services cybersecurity provides. By shifting the focus on how cybersecurity could enable an organization to bring products to market faster, make it easier for customers to conduct business with the company, create an environment to attract and retain employees and become the vendor of choice to our customers, we can strengthen our relationship with executive leadership and board of directors, become a trusted partner to the business, serve as a trusted advisor to line of business owners and shift the paradigm of cybersecurity from risk reduction cost center to a business enablement service line.
10:40 am
Developing Cybersecurity Programs with Framework & Architecture Considerations
Managing Principal - Security Services, Insight
Registration Level:
- Open Sessions
10:40 am - 11:25 am
Location / Room: Laurel East
Insight’s Darren Carroll offers critical perspective on today’s most important cybersecurity concerns. He explains how organizations can begin to build a measurable, monitorable, repeatable approach to a preventive security posture with respect to both framework and architecture. Learn how an all-in approach to enterprise risk management can prevent your organization from being caught off guard—and mitigate the risks, costs, and chaos of pivoting cybersecurity on the fly.
11:30 am
[Lunch Keynote] Suing the CISO and Beyond
What's Next? And How Worried Should C-Suite Executives Be?
Co-Founder & Managing Partner, XPAN Law Partners
Chief Security Officer & Technology Lead, Trexin Group
Registration Level:
- Open Sessions
11:30 am - 12:30 pm
Location / Room: Keynote Theater
Starting at the end of 2020, the information security sector saw what could fairly be characterized as a seismic shift in the world of data privacy and cybersecurity as a result of the SolarWinds hacking incident. While cybersecurity and data privacy professionals hoped this would signal a change in the way organizations view that part of their business operations, it appears something different happened instead. A lawsuit arguably had been brewing for years in the industry, waiting for the right circumstances, and was finally filed against the C-Suite of SolarWinds, notably the Chief Information Security Officer (CISO). The complaint specifically, and maybe predictably, alleged in very direct language that the C-Suite intended to deceive investors into believing that SolarWinds was impenetrable against cyberattacks. The reality, we now know, is somewhat different but could nonetheless dramatically alter the way companies, and their appointed officers, view and react to assigned liability. So, there are several immediate and overarching questions currently idling, perhaps loudly, at the starting gate. Is it fair? Is this the future of cybersecurity litigation? How unpredictable will this terrain now be for information security leaders? Or better yet, for how long?
This keynote will unpack the ramifications that the SolarWinds lawsuit—along with other litigation involving the C-Suite—will have on the entire information security community, who will see long-reaching consequences to already-established practices and possibly unsettling legal fallout. We will discuss the diverse internal CISO versus outside attorney perspectives, contrasting what is fact versus fiction and hype. Lastly, we will also discuss how both organizations and industry leaders can prepare themselves to mitigate risks not related to a cyberattack while being diligent in addressing potential new liabilities wrapped with increased litigation worries in the legal sphere.
11:30 am
Advisory Council Roundtable Lunch (VIP / Invite Only)
Registration Level:
- VIP / Exclusive
11:30 am - 12:30 pm
Location / Room: Revolution Chophouse (Mezzanine)
Moderated discussion for SecureWorld Advisory Council members. By invite only.
12:30 pm
Networking Break
Registration Level:
- Open Sessions
12:30 pm - 1:00 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:00 pm
[Panel] The Battle to Control the Endpoints
Sr. Sales Engineer Manager, Gigamon
Sales Engineer, Armis
VP, Professional Services, AccessIT Group
Security Principal, Insight
CISO, UGI Corporation
Registration Level:
- Open Sessions
1:00 pm - 1:50 pm
Location / Room: Laurel East
In a recent survey, the SecureWorld media team uncovered that a whopping 30% of IT professionals admitted they didn’t actually know if they had visibility on all the endpoints within their organizations! With close to a thousand endpoints (in the majority of those surveyed) that included: servers, office PCs, printers, employee-owned devices, smart watches, IoT—the list goes on and on. What does the cloud do to impact this count? What was missed? Join our experts as they help us gain better visibility into the battle to control ALL the endpoints.
1:00 pm
[Panel] Prioritizing the Threats
Director, Cyber Evangelist, Cymulate
Cloud Systems Engineer, Fortinet
Platform Marketing & Strategy Director, Recorded Future
Head of Product, Checkmarx
Principal Architect, Sales Engineering, Imperva
Registration Level:
- Open Sessions
1:00 pm - 1:50 pm
Location / Room: Keynote Theater
Ransomware, business email compromise, cloud misconfigurations, social engineering, insider threats… the list goes on and on. The threats are everywhere. Some are new but the old ones work just as well. How do you decide which ones are of the most concern to your organization? Do you report all of these to the board? How do you provide the resources necessary to minimize the risks and still enable the business? Join our experts as they tackle how to prioritize the threats.
2:00 pmThe Intersection of Cyber Crime + Cyber Defense and What IT Practitioners Can DoBoard President/Strategic Development Committee Chair, Philadelphia InfraGardRegistration Level:- Conference Pass
2:00 pm - 2:45 pmLocation / Room: Parkview BallroomIT practitioners and cybersecurity professionals contend with cyber incidents daily. On occasion, these incidents rise to the level where they become criminal acts that require intervention over and above standard defensive measures. As part of this session, Chris Quintanilla will explore four real-life examples of criminal acts, how cybersecurity intervention either foiled the crime or identified the perpetrators, lessons that were learned, and what issues still need to be addressed by service providers and lawmakers.
2:00 pm
[Panel] Cyber Resiliency in Today's Ever-Changing Threat Landscape
DevSecOps Engineering Coach, Comcast
Board President, WiCyS Delaware Valley Affiliate
Associate CISO, St. Luke's University Health Network
Sr. Consultant, North America, CSC
National Sales Executive, BTB Security, LLC
Enterprise Cloud Security — Product Lead, UnitedHealth Group
Registration Level: Open Sessions
2:00 pm - 2:45 pm
Location / Room: Keynote Theater
Key Takeaway: Different approaches and perspectives to cyber resilience
This panel will discuss cyber resilience best practices. Why is building a cyber resilient organization important? How do you assess an organization’s cyber resilience?
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
2:45 pm
Networking Break and Dash for Prizes
Registration Level: Open Sessions
2:45 pm - 3:15 pm
Location / Room: Exhibitor Hall
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:15 pm
Understanding and Managing the Risk of Emerging Technology
President, ISSA Delaware Valley Chapter
Registration Level: Conference Pass
3:15 pm - 4:00 pm
Location / Room: Parkview Ballroom
Technology is evolving at a record pace and continuing to speed up. Emerging technology such as Artificial Intelligence (AI), Robotic Process Automation (RPA), Blockchain, Internet of Things (IoT), and Quantum computing are enabling efficiency gains and business value never before imagined. More and more frequently these technologies sit on a cloud foundation which enables a considerable level of scalability and resiliency. These new technological capabilities also carry unique risks which are still being uncovered and subsequently understood. Many of these technologies require new control models, while a lack of standards presents the challenge of where to look for guidance.
The session will explore the risks presented by emerging technologies, as well as controls that can be employed to manage the risks, while still harnessing the unique benefits of these technological advances.
3:15 pm
[PLUS Course] Privacy & Security by Design & Default: Understanding the Convergence of Law, Policy & Technology
Part 4
Founding Partner & Owner, Fischer Law, LLC
Registration Level: SecureWorld Plus
3:15 pm - 4:30 pm
Location / Room: Magnolia
Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions. These evolving privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.
Often, the concepts of security and privacy by design and by default are built into these legal requirements. But, understanding the requirements of the law, and translating those requirements into technological solutions can be challenging. This workshop will provide in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate these core concepts of design within technology.
The course will start with an overview of general privacy and security legal and policy principles, and then will focus on two key laws that are pushing the privacy and security laws: the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.
The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.
3:15 pm
[PLUS Course] Hands-on Introduction to Digital Forensics
Part 4: Analyzing Forensic Evidence
M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Registration Level: SecureWorld Plus
3:15 pm - 4:30 pm
Location / Room: Maple
Attendees will learn how to properly seize and analyze electronic evidence. The course will cover protecting the integrity of digital evidence, maintaining the chain of custody, creating forensic images, analyzing evidence, and reporting relevant findings. Students will have the opportunity to participate in practical exercises to gain hands-on experience with handling electronic evidence and using digital forensics tools. Attendees will be provided with resources that they can use when handling incidents that involve electronic evidence.
Part 4: Analyzing Forensic Evidence
- Analyzing evidence
- Recovering deleted files
- Useful forensic artifacts
- Creating forensic reports
- Testifying in court
- Abnormal Security
Booth: 218
Abnormal is the most precise human behavior security engine for blocking all email attacks, including phishing, malware, ransomware, social engineering, executive impersonation, supply chain compromise, internal account compromise, spam, and graymail.
Secure email gateways and built-in Microsoft and Google security struggle to block email attacks that pass reputation checks, have no URLs or attachments, and appear to come from trusted sources. Only Abnormal uses behavioral AI to profile known good behavior and analyzes over 45,000 signals to detect anomalies that deviate from these baselines, delivering maximum protection for global enterprises.
- AccessIT Group
Booth: 220
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- ASIS Greater Philadelphia
Booth: n/a
ASIS International is the preeminent organization for security professionals, with more than 38,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests.
- Armis, Inc
Booth: 260
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- Authomize
Booth: 330
Authomize continuously monitors your identities, access privileges, assets, and activities, in order to secure all your apps and cloud services. Our granular visibility across IaaS, SaaS, and various data services enables organizations to ensure effective control over their access privileges and the security of their assets.
- Automox
Booth: 336
Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.
- Check Point Software Technologies
Booth: 205
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Checkmarx Inc.
Booth: 311
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- Cloud Security Alliance Delaware Valley Chapter (CSA-DV)
Booth: 236
Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.
OUR PURPOSE: To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.
- Contrast Security
Booth: 220
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
- Corelight
Booth: 245
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- Cyber Fraud Task Force – U.S. Secret Service
Booth: 105
Cyber Fraud Task Forces (CFTFs), the focal point of our cyber investigative efforts, are a partnership between the Secret Service, other law enforcement agencies, prosecutors, private industry, and academia. The strategically located CFTFs combat cybercrime through prevention, detection, mitigation, and investigation.
- CyberArk Software
Booth: 220
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- Cybercrime Support Network
Booth: N/A
Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.
- Cymulate
Booth: 235
Cymulate SaaS-based continuous security validation makes it simple to measure and improve your security posture across the full attack kill-chain. Every assessment is scored and includes actionable remediation guidance to mitigate risk and optimize security control effectiveness. Cymulate enables you to take data-driven decisions and manage your security resources efficiently.
- Cynet
Booth: 155
Cynet 360 is the world’s first autonomous breach protection platform. Cynet eliminates the need of complex multi-product stacks, making robust breach protection within reach for any organization.
- deepwatch
Booth: 242
deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry. Designed to be different, deepwatch provides customers with world-class managed security services and unrivaled value by extending their cybersecurity teams, curating leading technologies into deepwatch’s cloud SecOps platform, and proactively driving their SecOps maturity.
- DeSales University Cyber Security Program
Booth: 135
DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.
- Exabeam
Booth: 200
Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.
- Fortinet
Booth: 265
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- WithSecure
Booth: 331
WithSecure™ (formerly F-Secure Business) is cybersecurity’s reliable partner. IT service providers, MSSPs and businesses—along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers—trust us for outcome-based cybersecurity that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. WithSecure™ is part of F-Secure Corporation, founded in 1988, and listed on NASDAQ OMX Helsinki Ltd.
- Gigamon
Booth: 300
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- HTCIA Delaware Valley Chapter
Booth: n/a
The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.
By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.
- Imperva
Booth: 220
Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.
- Philadelphia InfraGard Members Alliance
Booth: 142
InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.
- Insight
Booth: 342
Insight is a comprehensive solutions integrator that helps organizations transform technology, operations, and service delivery to meet challenges and future-proof the business. With a client-focused approach to delivery, we recommend the most appropriate solutions to drive digital transformation and modernization for innovation. As clients look for ways to optimize data for better business, empower speed and scale of service, and drive next-gen security, Insight delivers expertise that is grounded, unbiased, and refreshingly straightforward.
- ISACA Philadelphia
Booth: 175
The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.
- ISC2
Booth: 124
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- ISSA Delaware Valley
Booth: 118
Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”
- Myota
Booth: 145
Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.
- Netskope
Booth: 325
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- Novacoast
Booth: 212
A uniquely positioned IT services and solutions company, Novacoast is less defined by our broad range of expertise and services than by a perspective rooted in our cooperative environment of adaptable problem solving.
Beyond security specialists, software developers or network engineers, we are guides, allies, and problem solvers.
From implementation services, license fulfillment and technical training to software development, staffing services and custom or emerging solutions, Novacoast is an experienced and comprehensive IT business resource empowered on every level by our flexible and fearless perspective.
- Okta
Booth: 148
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- Open Systems
Booth: 125
The escalated threat level, the cyber talent shortage, and the sheer complexity of deploying and managing a multitude of security solutions, are the perfect storm for security and IT teams. We are deeply passionate about protecting organizations from that storm.
We provide a set of AI-based, cloud-delivered security solutions that are simple to deploy and manage, and provide the highest level of protection. And Mission Control, our integrated NOC and SOC, is staffed by experts, not only in threat hunting and cyber hygiene, but also in the proper configuration and maintenance of the Microsoft security stack. So we can leverage what you already own.
The combination is changing the lives of our customers, giving them security traditionally reserved for only the largest organizations. We give them “shelter from the storm”. That is our passion.
- Orca Security
Booth: 220
We’re on a mission to make it fast, easy, and cost effective for organizations to address the critical security issues in their AWS, Azure, and GCP estates so that they can operate in the cloud with confidence.
- OWASP
Booth: n/a
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- PACT
Booth: n/a
Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.
- Qualys, Inc.
Booth: 335
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.
- Recorded Future
Booth: 315
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- Red Canary
Booth: 100
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attacks. As a security operations ally, we arm businesses of all sizes with outcome-focused solutions to quickly identify and shut down attacks from adversaries. Security teams can make a measurable improvement to security operations within minutes.
- Salt Security
Booth: 375
Salt Security delivers an API Threat Protection solution focused on securing the ubiquitous APIs connecting everything from web and mobile applications to microservices and IoT devices. These are the APIs that you develop and own and are at the core of connecting your applications and data.
Salt Security was founded in 2016 by alumni of the Israeli Defense Forces (IDF) to deliver the first, patented API Protection platform to secure APIs. Salt Security deploys in minutes, automatically learns your unique APIs, and requires no configuration or customization to help you protect and improve your API security.
- Securonix
Booth: 230
Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.
- Secureworks
Booth: 355
Dell Secureworks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. Dell SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.
- SentinelOne
Booth: 106
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- TechTarget
Booth: N/A
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- WiCyS Delaware Valley
Booth: 112
Women make up only 11% of the cyber security workforce. With such low representation, it is essential that we advocate for and assist women as they navigate through the cyber security industry.
Philadelphia Women & Cyber Security’s Mission: To provide opportunities to advance careers for professionals in Cyber Security through education, mentoring, and networking. A Supportive community for women in cyber security that works to promote and encourage women to develop their careers. We are open to any support for our mission from any gender. Come to the next Philadelphia Women and Cyber Security’s event to get to know other like-minded, female cyber security professionals in the area. We will discuss industry best practices, the latest security trends and solutions, and share lessons we’ve learned over the years. For more information, contact wicysdelawarevalley@wicys.org.
- Cheryl Carmel, Moderator
Owner, Carmel Consulting LLC
Ms. Carmel is a member of (ISC)2 where she holds her CISSP, and IAPP where she holds her CIPT. She is a member of InfraGard and has been on the Advisory Council for SecureWorld for many years.
Ms. Carmel began her career in technology with experience in application development, infrastructure operations, technical support, and teaching. She pivoted to focus on security in 1999. Her most recent role was VP of Security, Privacy, and Compliance at OnSolve, where she was responsible for maturing the program to enable the successful implementation of security controls to meet the rigors of FedRAMP, while maintaining the controls for ISO 27001, HIPAA, and privacy laws. Before that, she was the BISO at FIS (SunGard Financial Systems).
- Jordan Fischer, Instructor
Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Organization for Standardization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Moderator: Joe Walsh
M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
- Mark Eggleston, CISSP, GSEC, CHPS
CISO, CSC
Mark Eggleston is the chief information security officer (CISO) for CSC, responsible for the global security and privacy program design, operations and continual maturation. As a senior executive specializing in security and privacy program development and management, Mark’s unique background and expertise in information technology, program, and people management have positioned him as a thought leader and frequent industry speaker.
Mark started his career as a program manager and psychotherapist at a hospital serving children and adolescents. Later, Mr. Eggleston helped develop an internal compliance approach—complete with policies and tools—ensuring a geographically dispersed health care provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mr. Eggleston then transitioned to applying his HIPAA expertise at an HMO where he has implemented many successful security controls and technologies, including single sign-on (SSO), Identity and Access Management (IAM), Cloud Access security broker (CASB), and a vulnerability assessment program.
Mark received his Bachelor of Science in psychology from Radford University. Later, Mark received both his Master of social work and his post-baccalaureate certificate in management information systems from Virginia Commonwealth University. In addition, Mark holds CHPS, CHPS, and CISSP certifications.
- Tammy Klotz, Moderator
CISO, Trinseo
Tammy Klotz is a vibrant and accomplished executive with over three decades of diverse experience in the manufacturing industry, specializing in cybersecurity and transformational leadership. She offers keen expertise in navigating mergers, acquisitions, and divestitures within both publicly-traded and privately-held companies and is seasoned in security, risk, and compliance leadership. Tammy brings a dynamic and positive approach to problem solving, excelling in simplifying intricate IT and cybersecurity concepts and facilitating pragmatic, non-technical dialogues that resonate with business executives. She is recognized as a strong, knowledgeable, thoughtful security executive who excels in public speaking and thought leadership, striving to empower others through knowledge sharing.
- Todd Bearman
VP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years. Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Anahi Santiago
CISO, ChristianaCare Health System
Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.
- Michael Howden
Director of Security Services, Novacost
Michael Howden brings broad and deep experience in technology, strategy, and security with almost 30 years of experience focusing on global upgrades, migrations, and consolidations for several hundred large enterprises. He is a transformational change agent, leading teams of top tier consultants, building world-class cybersecurity programs for high-profile global companies throughout a wide range of industries. In addition to becoming a leading expert in the field for Microsoft on-premises and cloud security, Michael has developed a passion for safeguarding data, leading massive projects, helping companies mature their data privacy and protection programs into a well-managed and automated state.
- Tal Kollender
Co-Founder & CEO, CISO, Gytpol
Tal is the CEO and co-founder of Gytpol. In her teenage years, she was a professional hacker, always on the hunt to crack open what seemed impossible, always on the lookout for IT challenges. As part of her army service, she was recruited to the Israel Air-Force, having her sights set on becoming a fighter pilot. Later, the IDF re-assigned her to the IT Corp Cyber Security-Systems Division, where she served as an ICT cyber specialist. Her professional career took her to Dell EMC, where she was a cyber expert and System Security Architect before creating Gytpol with her co-founders.
- Vince Fitzpatrick
Director of Information Security, ChristianaCare
Vince Fitzpatrick is a 20-year information security professional in the fields of healthcare and finance. Currently, he is the Director of Information Security at Christiana Care Health System (CCHS), one of the largest healthcare providers in the mid-Atlantic region, serving all of Delaware and parts of PA, MD, and NJ.
- Peter Steyaert
Sr. Sales Engineer Manager, Gigamon
- Michael Meyer
Chief Risk and Innovation Officer, MRS BPO, LLC
Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.
- Aaron Weaver
Director of Cloud Security, Financial Services
Aaron Weaver has over 20 years' experience specializing in application and cloud security and providing training sessions at various international industry events. His work includes security consulting, penetration testing, threat modeling, and code reviews. Aaron also enjoys honey bees and recently has been experimenting with hive designs.
- Sandy Bacik
Director, Audit and Compliance, CipherTechs, Inc.
Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, CipherTechs’ Director, Audit & Compliance, has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management, and is a former CISO. She has an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.
- Hazel Cerra
Assistant to the Special Agent in Charge, United States Secret Service
Assistant to the Special Agent in Charge (ATSAIC) Hazel Cerra is a twenty-two year veteran with the United States Secret Service. ATSAIC Cerra was assigned to the Former President William Clinton Protective Detail in Chappaqua, NY, where she spent four years traveling around the world in support of the Clinton Global Initiative (CGI).
ATSAIC Cerra serves as a supervisor in the Philadelphia Field Office, Financial Crimes Squad, where she is responsible for leading a team of Special Agents in the latest trends in cyber fraud investigations.
She earned a Bachelor of Science in Criminal Justice from New Jersey City University and she has also earned her MBA in Finance from Johns Hopkins University.
Lastly, ATSAIC Cerra volunteers her time coaching a CyberPatriot team in the Civil Air Patrol, where she is also the Aerospace Education Officer.
- Stephen Dougherty
Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.
- Casey McGee
Assistant to the Special Agent in Charge, U.S. Secret Service
Casey McGee is an Assistant to the Special Agent in Charge in the New York Field Office of the U.S. Secret Service. He leads efforts to increase public and private partnership in the investigation of complex transnational criminal investigations involving the use of digital assets. In an executive developmental role, ATSAIC McGee served as the Advisor to the Vice President of Global Intelligence at Coinbase where he identified opportunities for joint USSS/Coinbase initiatives and partnered with various leaders across both organizations to implement cross functional programs. He holds a Juris Doctor from Vermont Law School and a Bachelor of Science from the University of Notre Dame.
- Moderator: Phread Cichowski
Sr. Security Architect, SecureWorks
Phread Cichowski has over 35 years of experience ranging from software development to data center management. Having worked for some of the leading technology companies in the world, his broad range of experience allows him to provide a well-balanced perspective leveraging bleeding-edge technology in critical high-availability IT environments. He is currently focused on protecting his clients with threat intelligence-driven software and related services that Secureworks has developed over its 23 years of helping customers protect their corporate data.
- Michael Meltz
Senior Sales Engineer, Open Systems
Mike Meltz has worked in the IT Security and infrastructure space for over 25 years and he specializes in the design and implementation of enterprise-level Cybersecurity technologies and business process improvements. His goal is to remain focused on creating a secure and quality-driven user experience while helping the organization grow and thrive. In his current role, Mike continues to help our clients manage and secure their organizations by designing SASE and MDR systems that meet the complex challenges of today's enterprise organizations.
Before joining Open Systems as a Senior Sales Engineer, Mike held various technology and strategy leadership roles at companies throughout the United States managing enterprise Infrastructure and Security teams as well as multiple roles as the designated CISO.
- Nick Dulavitz
Global Director, Channel Solutions Engineering, CyberArk
Nick Dulavitz, Global Director of Channel Solutions Engineering, has been with CyberArk for the past 8 years. Nick has worked with some of the largest global organizations helping them to achieve their identity security goals. In his current role, he is responsible for leading a global team that focuses on technical go to market enablement for the CyberArk partner network. This includes building and leading a team of regionally focused channel solutions engineers, advocating for partner specific technical solutions, developing and delivering partner focused technical sales certifications and trainings, and enabling partners on new solution offerings.
- Mike Roman
Sr. Sales Engineer, Orca Security
Mike is a Senior Sales Engineer at Orca Security who is responsible for helping organizations identify risks in their cloud environments and enhance their cloud security posture. Prior to joining Orca, Mike spent five years at Splunk where he partnered with organizations on their cloud journey in areas that included Security and Observability strategy. Outside of tinkering in the Clouds, Mike enjoys golfing with friends and playing guitar.
- Winston Lalgee
Security Engineering Manager, Check Point
Winston has almost 20 years of experience in the ICT industry, designing and implementing network security solutions for large enterprise environments. Today, he is a Security Engineering Manager with Check Point Software and is currently supporting a unique set of strategic accounts. He provides thought leadership, helping his customers understand the changing threat landscape and find solutions to manage risk and mitigate security breaches.
- Sean Raffetto
Sr. Account Executive, Hoxhunt
Sean works with organizations across the globe partnering with them to provide tailored Consulting security services enabling security teams to keep up with the rapid pace of change in the cyber threat landscape. With over a decade of experience working with enterprise level solutions, Sean specializes in implementing proactive and defense cyber programs across finance, media, and critical national infrastructure. Sean is a lifelong soccer fan and enjoys staying active by hiking and snowboarding.
- Katherine Chipdey
Director, Solutions Engineering and Alliances, Automox
Katherine Chipdey has spent her career in Cybersecurity, consulting on how to simplify our understanding of the threat landscape and building programs for thousands of customers around EDR, SOAR, and MDR. At Automox, she helped build out the Solutions Engineer Team, where she focused on automating IT operations, reducing risk, and bridging that gap between security and IT for prospects and customers alike. Katherine now manages the technical channel relationships, enabling other IT and Security experts on how to use Automox in order to help their customers meet business needs and critical security goals like never before. Katherine has most enjoyed the opportunity to use her background and experiences in the field to meet security/IT teams, and enable them to be as successful as possible with their initiatives. Where a relationship can be made, she will try, as those meaningful interactions and the growth, learning, and connection they bring are invaluable to her. Outside of work, she could spend forever talking about her travels, archery, and pups.
- Sean Boulter
Principal Security Engineer, Salt Security
Sean Boulter is a technical leader with Salt Security where he helps his customers protect their APIs from abuse and keep their customers’ data secure. His career in IT and consulting spans three decades and covers a wide variety of infrastructure platforms and several industries including fintech, finserv, insurance, healthcare, medtech, and retail. He lives in the Minneapolis area with his wife, and shares a passion for bicycling and wilderness expeditions with his two grown children.
- Mick Leach
Field CISO, Abnormal Security
Mick Leach is Field CISO of Abnormal Security, where he is responsible for threat hunting and analysis, customer engagement, and speaking at global industry conferences. Previously, he led security operations organizations at Abnormal, Alliance Data, and Nationwide Insurance, and also spent more than eight years serving in the U.S. Army’s famed Cavalry Regiments.
A passionate information security practitioner, Mick holds seven SANS/GIAC certifications, coupled with 20+ years of experience in the IT and security industries.
- Vana Khurana
Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.
- Pete Lindstrom, Instructor
Leader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has an extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Bryan Bechard
CISO, Flagship Credit Acceptance
Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.
- Andrew Smeaton
CISO, Afiniti
Andrew holds over 22 years of experience in the banking, financial services, and healthcare industries. He is experienced in all facets of IT/IS Security & Risk Management including acquisitions and disaffiliations, and has a track record of developing and implementing security strategies from inception through execution. In addition to his corporate experience, Andrew has also served on the executive boards for international conferences and advised government agencies on information security subjects. Andrew’s regulatory compliance experience includes FSA, PRA, FDIC, ISO 27K, COBIT, HIPAA, PCI-DSS, GLBA, Mass 201 CMR 17.00, SOX 404, SAMA, and NYDFS.
- Jim Bearce
VP, Professional Services, AccessIT Group
James Bearce is Vice President of Professional Services at AccessIT Group. Jim brings more than 20 years of information technology and cybersecurity development, operations and leadership experience in the financial services industry, and in cybersecurity advisory and managed services.
Prior to joining AccessIT Group, Jim was responsible for leading client engagements to build global security capabilities, served as an Interim Chief Information Security Officer for clients across multiple industries, and advised client Boards of Directors regarding technology and security challenges facing their organizations.
Jim has built and led security teams distributed across North & South America, Europe and the Asia/Pacific regions focused on the detection of cyberthreats, investigation of cybersecurity incidents, and reduction of attack vectors in complex organizations. In a previous role with Vigilant, Inc., he was responsible for the development of security managed services capabilities that contributed to the acquisition of Vigilant by Deloitte & Touche LLP.
Jim holds a Master of Science degree in Information Security & Assurance from Norwich University as well as multiple information security certifications.
- Todd Bearman, VP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years. Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Christopher Sanders, President, The Palatin Group LTD
Mr. Sanders is currently the President of The Palatin Group LTD, an intelligence and corporate security advisory headquartered in Arlington, VA with offices in Bratislava, Slovakia and Zurich, Switzerland with partner offices around the globe. He is a seasoned security management consultant and executive with over 25 years of domestic and international management and consulting experience across a broad spectrum of professional disciplines in both the public and private sectors. Mr. Sanders’ primary responsibility at The Palatin Group is to lead diverse teams of technology, security and corporate professionals supporting clients in the functional areas of Corporate Security; Business Intelligence; Security Technology Integration; Professional Services and Management Consulting; Global Investigations; Diligence; Risk Management, Policy Development and Vulnerability Assessments.
As a member of the firm’s senior leadership team, Mr. Sanders directs the development, implementation and execution of strategic solutions and corporate strategy, global business development, and compliance.
Mr. Sanders’ government experience includes over 15 years providing Senior Operations and Program Management consultant services to the US Government across numerous national and international programs. He served as a US Department of Defense senior advisor/mentor to Iraqi Ministry of Interior and Defense Joint Chiefs of Staff, managing technology acquisition and integration in support of international military, intelligence, and law enforcement efforts. These efforts supported countering insurgent networks internally and trans-nationally utilizing specialized methods and technologies to effectively integrate information sharing amongst direct action units. Mr. Sanders also advised senior leadership of the US Customs and Border Protection (CBP) Border Patrol in Tucson, Arizona on program management of border control issues involving technology integration in support of counter-smuggling and counter-terrorism operations.
Mr. Sanders is a retired Lieutenant from the Metropolitan Police Department (MPD) in Washington DC. His duties included command of Special Operations units, including a criminal intelligence unit dealing with recruitment of human sources. As a member of the international efforts in Kosovo, Iraq, Afghanistan, East Timor and Kuwait, he designed and managed implementation of complex criminal intelligence gathering, counter intelligence, anti-smuggling and crime prevention programs with UN and NATO and host nation government clients, as well as directing design and execution of adult learning management systems and programs for local and international forces.
In the private sector, Mr. Sanders served in international management consulting and advisory capacities for clients in the banking, finance, energy, legal, hospitality and technology industries to include Credit Suisse, St. James Place Bank, Gaylord Entertainment, Saudia Airlines, DynCorp International, Sargent & Lundy, and numerous other SMBs and NGOs internationally.
Mr. Sanders has an MBA in Business Management and BSBA in International Business Finance from the American University in Washington, DC and studied abroad at the University of North London and London School of Economics. He is a Project Management Institute (PMI) certified Project Management Professional (PMP) while being experienced in best practices of program and project management. Previous public sector clients have included the United Nations, NATO, US Departments of State, Justice, Defense, Homeland Security, Energy and the National Nuclear Security Administration.
Fluent in English; conversant in Spanish and Slovak.
- Nick Wormser, Managing Director, Palatin Group SK
Mr. Wormser has over 20 years of military and international security experience. He spent a decade in the French military where he was deployed to a host of foreign countries, serving as a team leader of a long-range reconnaissance and patrol unit (LRRP), conducting counter-narcotics and anti-terrorism operations, and training host-country personnel. Following that, he entered the private sector, consulting for various international law enforcement agencies and military units. Mr. Wormser has also acted as a senior advisor to the CEOs of several multinational corporations as well as high net-worth individuals on security issues and risk management. Mr. Wormser is fluent in English, German, and French.
- Matt Barnett, CEO, SEVN-X
Matt is the Chief Executive Officer at SEVN-X. As a certified forensic analyst, former Law Enforcement Officer, and expert field operator, Matt leads SEVN-X's Incident Response, Forensics, and Physical Security practices.
- Jordan Fischer, Instructor, Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Moderator: Joe Walsh, M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
- Happy Hour
- Delbert A. Roll, Retired U.S. Army, former member of the Intelligence Community
Del is a recently retired senior leader with 20 years of Federal Government service, having served in Washington, D.C. and internationally. Concurrently, he served 23 years as a commissioned Army officer in austere and hostile environments around the globe, with command assignments in both conventional and special operations forces. He is recognized for consistently achieving results against strategic objectives in challenging conditions and dynamic environments. He leads and develops high-impact teams through empathy-centric, servant leadership and is adept in securing partnerships with various stakeholders, developing medium- and long-term strategies, and mentoring teams. He has extensive experience managing complex multi-organizational programs with global reach.
- Cerena Coughlin, Special Agent, FBI
FBI Special Agent Cerena Coughlin is the Employment Recruiter and Applicant Coordinator for the Philadelphia Field Office and local Private Sector Coordinator overseeing InfraGard, a public/private partnership between the FBI and representatives of critical infrastructure. She was a member of the Los Angeles Innocent Images SAFE Team, where she participated in investigations of child exploitation, and was assigned to Counterterrorism squads in Los Angeles and Baltimore and Cyber in Philadelphia. Prior to joining the FBI in March 2001, Coughlin served as Director of Operations for an LA-based non-profit supporting students and educational institutions across the United States.
- Sandra Cavazos, VP, Product Security and Privacy, Comcast
Sandra Cavazos serves as VP, Product Security and Privacy at Comcast. She leads Secure Development Lifecycle (SDL), including threat modeling, pen testing, SDL coaching, DevSecOps tooling, security developer training, and executive reporting. Sandra began her career as an engineer at Intel’s largest wafer manufacturing facility, improving quality and yield for Pentium 3 and Pentium 4 chips. She transitioned to leading cybersecurity initiatives for Intel’s manufacturing sites. Prior to her current role, she served as Business Information Security Officer for Comcast. Sandra earned a Bachelor of Science from Duke University with a triple major in Biomedical Engineering, Electrical Engineering and German, as well as a Master of Science from Stanford University in Electrical Engineering.
- Abel Morales, Principal Security Engineer, Exabeam
Abel Morales is a Senior Security Engineer based in Atlanta, GA. Prior to Exabeam, Abel has over ten years of experience in information security in companies such as Verizon, Syniverse, McKesson and InterContinental Exchange (NYSE). In his previous role, he was responsible for managing incidents, performing technical analysis, and communicating with audiences of various levels. He received a B.S. degree in Information Technology and an MBA from Kennesaw State University. He is passionate about threat hunting, digital forensics, and incident response. He holds industry certifications such as CISSP, GCIH, and MCSA.
- Carlton Jones, Regional Vice President, Qualys
Carlton Jones is Vice President of Northeast Enterprise Field Team. He has over 20 years of security leadership experience in Fusion Centers, Incident Response, Insider Threat, and Attack Surface Management. Carlton designs solutions at scale for the largest brands and technology providers in the world. His background as a practitioner and consultant in the industry provides a unique take on the intersection of People, Process and Technology.
At Qualys, Carlton serves to support Enterprise customers on the expanding attack surface journey.
- Alexandra Panaretos, Americas Lead for Human Cyber Risk and Education, EY
With a background in broadcasting and operational security, Alex specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. Alex is OPSEC Manager II Certified by the U.S. Army and the Joint Information Operations Warfare Center (JIOWC). She volunteers with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety in her free time.
- Toby Zimmerer, Sr. Demand and Delivery Director, Data Protection
Toby Zimmerer is a Senior Demand and Delivery Director in Optiv’s Data Governance, Privacy, and Protection practice, where he assists organizations with building programs and implementing solutions focused on protecting high value information and assets. He has more than 24 years of professional experience developing information security strategies, designing information security programs, developing information security solutions and leading teams with deploying and operating information security programs. Toby has an MBA, a BS in electrical engineering, a CISSP certification, a CCSK from the Cloud Security Alliance, and is a US Navy veteran.
- Darren Carroll, Managing Principal - Security Services, Insight
Darren is a risk management and information security leader with diverse global experience in operational, technical, management, and presales roles. He has had the pleasure to build and lead multiple diverse, dynamic, high-performing teams. Throughout his career, he has provided consultative thought leadership, strategic direction, and tactical response to multiple federal, state, and local agencies, many of the Fortune 100, and hundreds of mid-sized enterprises.
- Rebecca Rakoski, Co-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section. Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- Glenn Kapetansky, Chief Security Officer & Technology Lead, Trexin Group
Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.
Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).
- Peter Steyaert, Sr. Sales Engineer Manager, Gigamon
- Rick Rutledge, Sales Engineer, Armis
Rick Rutledge has been in the Security space for more than 15 years. He has moved from working in the N.O.C. of a Fortune 500 company to designing network and security infrastructure of a Fortune 20 company to selling security solutions to hundreds of companies across all verticals and sizes. His previous experience with both support and design of some of the largest networks in the world gives him a unique insight into a majority of the problems we face today.
- Moderator: Tracey Brand-Sanders, CISO, UGI Corporation
- Dave Klein, Director, Cyber Evangelist, Cymulate
21+ year veteran high tech leader with a proven track record of revenue generation in sales and demand generation in marketing. Successful in creating and conveying solution messaging for business and technical decision makers, analysts and channel partners. Energized teacher for field enablement.
- Tony Allegrati, Cloud Systems Engineer, Fortinet
Tony Allegrati is an experienced Sales Engineer with over 15 years of sales in both medium and enterprise accounts. Specialties: Presales demonstrations, evaluation, installations, training and support of IT security technology. 3+ years of work experience with Cloud Technologies and security for Cloud.
- Jake Munroe, Platform Marketing & Strategy Director, Recorded Future
Jake has held various roles across the security space in consulting, marketing, and sales. Prior to joining the private sector, Jake served as a Navy Intelligence Analyst with an extensive background in counterterrorism, cyber threat intelligence, and open-source intelligence investigations.
- Steve Boone, Head of Product, Checkmarx
Over the last decade, Steve Boone has helped hundreds of global clients with their strategic adoption of secure DevOps best practices. A frequent speaker at DevOps Enterprise Summit, and DevOps World, Steve has shared his expertise on Secure Continuous Delivery, Value Stream Management, and Agile best practices. Today, Steve is the Head of Product Management at Checkmarx, where his focus is on helping customers solve modern application security challenges with Open Source, APIs, and Supply Chain.
- Luke Babarinde, Principal Architect, Sales Engineering, Imperva
Luke Babarinde is a Principal Solutions Architect at Imperva with over 15 years of experience in cybersecurity. He is passionate about building effective solutions to assist organizations seeking to holistically address data challenges of which security is critical.
- Chris A. Quintanilla, CISSP, Board President/Strategic Development Committee Chair, Philadelphia InfraGard
Chris has over 25 years’ experience in the IT field and is a Certified Information Systems Security Professional (CISSP). He has served as a senior project manager and engineer for several federal and municipal governments’ IT projects, as a network and systems engineer for IBM's Education and Training Division, and as an adjunct faculty member at the Pennsylvania Institute of Technology. Chris leverages his associations with federal law enforcement along with his IT background to advise clients on matters of information security, works with them to implement best practices to safeguard critical systems and sensitive information, and assists victims and law enforcement after malicious acts occur. Chris has been appointed by three different U.S. Presidents and two different Governors as a US Selective Service Board Member. He is also an information systems officer in the US Coast Guard Auxiliary.
- Rosemary Christian
  DevSecOps Engineering Coach, Comcast
Rosemary Christian is Co-President for WiCyS Critical Infrastructure and a Board Member for WiCyS Delaware Valley. She has demonstrated passion, knowledge and proven ability to engage others in the emerging market needs for cybersecurity initiatives. She leverages her experience, communications skills and interpersonal savvy across all levels to facilitate multiple security control systems, encryption and authentication protocols. She has a deep understanding of the importance of protection and maintenance of information and data security protocols in collaborative team environments. At Comcast as a DevSecOps Transformation Coach she fosters continuous improvement and sustained adoption of Secure Development Lifecycle practices.
- Nancy Hunter, Moderator
  Board President, WiCyS Delaware Valley Affiliate
Nancy Hunter is the VP, CISO and Data Privacy Security Officer at the Federal Reserve Bank of Philadelphia. With more than 25 years of experience in technology, including 15 years in Information Security, Nancy joined the Federal Reserve Bank in 2017, where she is accountable for Information Security Operations and Consulting, Information Risk Management, and Records Management, guides the implementation of the Bank’s data and system privacy program, and serves as Bank representative in System data privacy policy setting. Nancy is certified in Risk and Information Systems Controls (CRISC) and holds a B.A. in Mathematics from Temple University.
- Krista Arndt
  Associate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Elizabeth Sylves
  Sr. Consultant, North America, CSC
Elizabeth Sylve is Senior Business Consultant for Enterprise Businesses at CSC, where she helps and advises Senior IT and Cyber Security Professionals in mitigating risk in front of the firewall. She is also a speaker for Global Antifraud and Phishing Solutions, former 8-year VP of IT Technology consultant at FuturTech Consulting, LLC, and has 24 years of experience consulting businesses.
- Mike McKeown
  National Sales Executive, BTB Security, LLC
A 1980 graduate of St. Joseph's University, Mike has a 30+ year career of marketing and selling technology goods and services to SMB and Fortune 500 clients. While resident in the Greater Philadelphia area, Mike has sold services nationwide. After owning his own business for 18+ years in technology services, Mike has been selling incident response, penetration testing & assessments, CISO Advisory services and MDR services for BTB Security, a wholly owned subsidiary of Netrix, LLC.
- Vijaya Rao
  Enterprise Cloud Security — Product Lead, UnitedHealth Group
Vijaya Rao is a senior executive with over 25 years of experience in the Engineering and Cybersecurity space. She has worked for different Fortune 100 companies such as CenturyLink, AOL, JP Morgan Chase, and Google. She also founded the last-mile, technology-enabled platform called DeliveryCircle, raised multiple rounds of funding, and currently serves as the Chairman of the board. In her current role as the Product Leader at UnitedHealth Group, she leads Enterprise Cloud Security. Vijaya is also a Certified CISO.
Vijaya is an expert at synergizing teams, by setting the vision for excellence and building out team alignment, while ensuring that members have the information, support, and tools necessary for success. She has steered technology organizations of over 200 people, maintaining team cohesion amid significant change while boosting performance and fostering a team culture of collaboration, innovation, and shared success. Vijaya’s core belief is that innovative technology-based solutions should be at the core of every business model. This helps companies achieve a strong ROI and leads to sustainable growth.
Vijaya loves travelling and volunteering time mentoring young girls into STEM programs. She currently also serves as an advisor for technology start-ups at the University of Delaware (Horn Entrepreneurship program).
- Scott Laliberte, Moderator
  President, ISSA Delaware Valley Chapter
Scott Laliberte, President of ISSA Delaware Valley Chapter for over 10 years, has grown the chapter significantly by creating a collaborative community for Cyber Security professionals to share their knowledge and experience and satisfy their CPE needs. Scott also leads Protiviti’s Emerging Technology practice where he enables clients to leverage emerging technologies to solve complex business problems and manage risk. His team specializes in many technology areas including Artificial Intelligence (AI) and Machine Learning, Internet of Things (IoT), Cloud, Blockchain, and Quantum Computing. In previous roles, Scott was the Global leader of Protiviti’s Cyber Security Practice.
- Jordan Fischer, Instructor
  Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Moderator: Joe Walsh
  M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes